access list

To configure the access list mechanism for filtering frames by protocol type or vendor code, use the access-list global configuration command. Use the noaccess-list command to remove the single specified entry from the access list.

Syntax Description

access-list-number

Integer that identifies the access list. If the type-code wild-mask arguments are included, this integer ranges from 200 to 299, indicating that filtering is by protocol type. If the address and mask arguments are included, this integer ranges from 700 to 799, indicating that filtering is by vendor code.

permit

Permits the frame.

deny

Denies the frame.

type-code

16-bit hexadecimal number written with a leading 0x; for example, 0x6000. Specify either a Link Service Access Point (LSAP) type code for 802-encapsulated packets or a SNAP type code for SNAP-encapsulated packets. (LSAP, sometimes called SAP, refers to the type codes found in the DSAP and SSAP fields of the 802 header.)

wild-mask

16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument. The wild-mask indicates which bits in the type-code argument should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be 0x0101 because these two bits are used for purposes other than identifying the SAP code.)

address

48-bit Token Ring address written in dotted triplet form. This field is used for filtering by vendor code.

mask

48-bit Token Ring address written in dotted triplet form. The ones bits in mask are the bits to be ignored in address. This field is used for filtering by vendor code.

Defaults

No numbered encryption access lists are defined, and therefore no traffic is encrypted/decrypted. After being defined, all encryption access lists contain an implicit "deny" ("do not encrypt/decrypt") statement at the end of the list.

Command Modes

Global configuration

Command History

Release

Modification

11.2

This command was introduced.

Usage Guidelines

Use encryption access lists to control which packets on an interface are encrypted/decrypted, and which are transmitted as plain text (not encrypted).

When a packet is examined for an encryption access list match, encryption access list statements are checked in the order that the statements were created. When a packet matches the conditions in a statement, no more statements are checked. This means that you need to carefully consider the order in which you enter the statements.

To use the encryption access list, you must first specify the access list in a crypto map and then apply the crypto map to an interface, using the crypto map (CET global configuration) and crypto map (CET interface configuration) commands.

Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control virtual terminal line access or restrict contents of routing updates must not match the TCP source port, the type of service value, or the packet's precedence.

Note After an access list is created initially, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. You cannot selectively add or remove access list command lines from a specific access list.

Caution When creating encryption access lists, we do not recommend using the any keyword to specify source or destination addresses. Using the any keyword with a permit statement could cause extreme problems if a packet enters your router and is destined for a router that is not configured for encryption. This would cause your router to attempt to set up an encryption session with a non-encrypting router. If you incorrectly use the any keyword with a deny statement, you might inadvertently prevent all packets from being encrypted, which could present a security risk.

Note If you view your router's access lists by using a command such as show ip access-list, all extended IP access lists are displayed in the command output. This includes extended IP access lists that are used for traffic filtering purposes as well as those that are used for encryption. The show command output does not differentiate between the two uses of the extended access lists.

Examples

The following example shows how to create a numbered encryption access list that specifies a class C subnet for the source and a class C subnet for the destination of IP packets. When the router uses this encryption access list, all TCP traffic that is exchanged between the source and destination subnets are encrypted.

access-list 101 permit tcp 172.21.3.0 0.0.0.255 172.22.2.0 0.0.0.255

bandwidth (service flows qos subscriber profile sub-mode)

To configure the maximum aggregate bandwidth value, use the bandwidth command in the service flows qos subscriber profile sub-mode. Use the no form of the command to disable this feature.

bandwidth number

no bandwidth number

Syntax Description

number

The maximum aggregate bandwidth value. The valid range is 8000-2000000000.

Defaults

There are no default values.

Command Modes

Service flows qos subscriber profile sub-mode.

Command History

Release

Modification

12.4xx

This command was introduced.

Usage Guidelines

There are no usage guidelines.

Examples

The following example shows how to enable a maximum aggregate bandwidth value of 9000:

Router#(config-qos-profile)#bandwidth ?

<8000-2000000000> Value

Router#(config-qos-profile)#bandwidth 9000 ?

<cr>

cdma pdsn a10 ahdlc engine

To limit the number of Asynchronous High-Level Data Link Control (AHDLC) channel resources provided by the AHDLC engine, use the cdma pdsn a10 ahdlc engine command to in global configuration mode. To reset the number of AHDLC channel resources to the default, use the no form of this command.

cdma pdsn a10 ahdlc engine slot usable-channelsusable-channels

no cdma pdsn a10 ahdlc engine slot usable-channels

Syntax Description

slot

Slot number of the AHDLC.

usable-channels usable-channels

Maximum number of channels that can be opened in the AHDLC engine. Valid values range between 0 and 8000 or 20000. Specifying 0 disables the engine.

Defaults

The default number of usable channels equals the maximum channels supported by the engine; the c-5 images supports 8000 sessions, and all c-6 image support 20000 sessions.

In the PDSN 4.0 image, the maximum number of usable channel is increased to 75000.

In the PDSN 5.0 image, the maximum number of usable channel is increased to 105000 per processor.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.2(8)BY

The maximum number of usable channels was increased to 20000.

12.4(15)xx

The maximum number of usable channels was increased to 75000 in the PDSN 4.0 Release.

12.4(22)XR

The maximum number of usable channels was increased to 105000 in the PDSN 5.0 Release.

Usage Guidelines

If the value of usable-channels is greater than default maximum channels provided by the engine, the command fails.

The command also fails when the engine has any active channels.

Examples

The following example shows how to limit the number of service channels provided by the AHDLC engine to 1000:

cdma pdsn a10 ahdlc engine 0 usable-channels 1000

Related Commands

Command

Description

debug cdma pdsn a10 ahdlc

Displays debug messages for the AHDLC engine.

show cdma pdsn a10 ahdlc

Displays information about the AHDLC engine.

show cdma pdsn resource

Displays AHDLC resource information.

cdma pdsn a10 ahdlc trailer

To enable the PDSN so that AHDLC frames are expected to contain trailer byte, use the cdma pdsn a10 ahdlc trailer command to in global configuration mode. To disable the PDSN so that AHDLC processing does not expect the AHDLC trailer (0x7e), use the no form of this command.

cdma pdsn a10 ahdlc trailer

no cdma pdsn a10 ahdlc trailer

Syntax Description

There are no arguments or keywords for this command.

Defaults

The default behavior is that trailer byte 0x7e is expected in the AHDLC frames.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX

This command was introduced.

Usage Guidelines

When the no version of the command is configured, each AHDLC frame is considered a full AHDLC fragment, and the PDSN starts processing the packet.

Examples

The following example shows how to disable the PDSN so that AHDLC processing does not expect the AHDLC trailer:

Router (config)# no cdma pdsn a10 ahdlc trailer

cdma pdsn a10 always-on keepalive

To alter the default always-on service parameters, use the cdma pdsn a10always-on keepalive command in global configuration mode. To return to the default values, use the no form of this command.

Syntax Description

interval

The duration in seconds, for which PDSN waits for the LCP echo response from peer before sending next LCP echo. The default value is 3seconds.

attempts

The number of times the LCP echo is sent before determining an always-on user is not reachable and tearing down the session after idle timer expiry. The default value is 3. Configuring this value to 0 is similar to ignoring the always-on property for the user.

Defaults

The Always On feature is enabled by default. The default value for interval is 3, and the default value for attempts is 3.

Command Modes

Global configuration

Command History

Release

Modification

12.3(8)XW

This command was introduced.

cdma pdsn a10 init-ppp-after-airlink-start airlink-start-timeout

To configure the PDSN so that Point-to-Point Protocol (PPP) negotiation with an MN starts only after the traffic channel is assigned, (in other words, after a Registration Request with airlink-start is received), use the cdma pdsn a10 init-ppp-after-airlink-start command in global configuration mode. Use the no form of this command to revert to the default behavior.

Syntax Description

Defaults

By default, this CLI is not enabled, therefore, the PDSN initiates PPP negotiation immediately after a Registration Reply is sent to the initial Registration.Request.

When enabled, the default timeout interval is 10 seconds.

Command Modes

Global configuration

Command History

Release

Modification

12.2(8)ZB4a

This command was introduced.

Usage Guidelines

The PDSN initiates PPP negotiation immediately after a Registration Reply is sent to the initial Registration Request, but the calls (for which the PPP negotiation has started before the traffic channel is assigned to MN) have failed.

When this command is enabled, the PPP negotiation with the MN starts only after the traffic channel is assigned—after a Registration Request with airlink-start is received. If the airlink start is not received at all, the session is torn down when timeout occurs.By default, this timeout interval is 10 seconds, or can be configured through the CLI.

The session is not torn down immediately after the timeout, so, in order to minimize the impact on the performance, there is just one timer started to keep track of all the sessions waiting for airlink-start to start PPP.

For example, with a default of 10 seconds, if the timer expires at t1 and a new call comes at t2(t2 >t1), the next run of the timer is at t1+10. It is likely that the uptime for the call is not more than 10 seconds since t2 > t1. So the call is checked at the next run (t1+10+10). Thus, the variation is between 1 and 10.

Examples

The following example shows how to enable the cdma pdsn a10 init-ppp-after-airlink-start airlink-start-timeout command:

cdma pdsn a10 gre sequencing

To enable inclusion of Generic Routing Encapsulation (GRE) sequence numbers in the packets sent over the A10 interface, use the cdma pdsn gre sequencing command in global configuration mode. To disable the inclusion of GRE sequence number in the packets sent over the A10 interface, use the no form of this command.

cdma pdsn a10 gre sequencing

no cdma pdsn a10 gre sequencing

Syntax Description

This command has no arguments or keywords.

Defaults

GRE sequence numbers are included in the packets sent over the A10 interface.

Command Modes

Global configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how to instruct Cisco PDSN to include per-session GRE sequence numbers in the packets sent over the A10 interface:

Router# cdma pdsn a10 gre sequencing

Related Commands

Command

Description

debug cdma pdsn a10 gre

Displays debug messages for A10 GRE interface errors.

show cdma pdsn pcf

Displays information about PCFs that have R-P tunnels to the PDSN.

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

cdma pdsn a10 max-lifetime

To specify the maximum A10 registration lifetime accepted, use the cdma pdsn a10 max-lifetime command in global configuration mode. To return to the default length of time, use the no form of this command.

cdma pdsn a10 max-lifetimeseconds

no cdma pdsn a10 max-lifetime

Syntax Description

seconds

Maximum A10 registration lifetime accepted by Cisco PDSN. The range is 1 to 65535 seconds. The default is 1800 seconds.

Defaults

1800 seconds.

Command Modes

Global configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how A10 interface can be maintained for 1440 seconds:

Router# cdma pdsn a10 max-lifetime 1440

Related Commands

Command

Description

cdma pdsn a10 gre sequencing

Enables GRE sequence number checking on packets received over the A10 interface.

debug cdma pdsn a10 gre

Displays debug messages for A10.

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

show cdma pdsn pcf

Displays information about PCFs that have R-P tunnels to the PDSN.

cdma pdsn a10 police downstream

To enable policing of down stream data traffic for the session, use the cdma pdsn a10 police downstream command in global configuration mode. To disable this feature, use the no form of this command.

cdma pdsn a10 police downstream

no cdma pdsn a10 police downstream

Syntax Description

There are no keywords or variable for this command.

Defaults

The default value is that policing is not applied for downstream packets.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn a10 police downstreamcommand:

Router(config)# cdma pdsn a10 police downstream

cdma pdsn a11 default-service-option so-value

To configure PDSN to send the F5 attribute as default configured value in the accounting records, use the cdma pdsn a11 default-service-optionso-value command in the global configuration mode. To disable this feature, use the no form of this command.

cdma pdsn a11 default-service-optionso-value

no cdma pdsn a11 default-service-option

The command is used to configure the default Service Option (SO) value for the accounting records, when PDSN receives the F5 SO value as zero or when it did not receive the airlink start and the received service option for A10 is also zero.

Syntax Description

so-value

Indicates the service option value that must be configured as default value. The default value ranges from 1 to 65535.

Defaults

The default value is zero.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn a11 default-service-option command:

Router(config)# cdma pdsn a11 default-service-option ?

<1-65535> Default Service Option

Router(config)# cdma pdsn a11 default-service-option 59

cdma pdsn a11 dormant ppp-idle-timeout send-termreq

To specify that for dormant sessions, on PPP idle timeout, PPP termreq are sent, use the cdma pdsn all dormant ppp-idle-timeout send-termreq command in global configuration mode. To disable this feature, use the no form of this command.

cdma pdsn all dormant ppp-idle-timeout send-termreq

no cdma pdsn all dormant ppp-idle-timeout send-termreq

Syntax Description

There are no keywords or variable for this command.

Defaults

There are no default values.

Command Modes

Global configuration

Command History

Release

Modification

12.2(8)ZB

This command was introduced.

Usage Guidelines

Disabling this behavior avoids traffic channel allocation for cleaning up ppp sessions at the mobile.

Examples

The following example shows how to enable the cdma pdsn all dormant ppp-idle-timeout send-termreqcommand:

Router# cdma pdsn a11 dormant ppp-idle-timeout send-termreq

cdma pdsn a11 dormant sdb-indication gre-flags

To configure the PDSN so that all packets that are set with the specific group-number are flagged for SDB usage between the PCF and the PDSN, use the cdma pdsn a11 dormant sdb-indication gre-flags command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn a11 dormant sdb-indication gre-flags group-number

no cdma pdsn a11 dormant sdb-indication gre-flags group-number

Syntax Description

Command

Description

group-number

Specifies the classified match criteria.

Defaults

There are no default values.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF

This command was introduced.

Usage Guidelines

The B bit (SDB indication) would be set for packets matching the sdb-indication group-number.

Examples

The following example shows how to enable the cdma pdsn a11 dormant sdb-indication match-qos-group command:

Router# cdma pdsn a11 dormant sdb-indication gre-flags 12

cdma pdsn a11 dormant sdb-indication match-qos-group

To configure the PDSN to use SDBs to deliver PPP control packets for Always-On sessions, where the session is dormant, use the cdma pdsn a11 dormant sdb-indication match-qos-group command in global configuration mode. Use the no form of this command to disable this feature.

Syntax Description

Defaults

There are no default values.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF2

This command was introduced.

Usage Guidelines

While data packets can be sent towards the mobile using SDBs, SDBs can also be used to deliver PPP control packets. This method can be particularly helpful for Always-On sessions, where the session is dormant. Basically, with Always On configured, the PDSN sends out LCP echo requests (and waits for LCP echo replies) to keep the session alive. As a result, when such a session goes dormant, a data channel needs to be setup to deliver these LCP echo requests to the MN. The other option is to use SDBs to deliver the LCP echo requests without setting up a data channel.

Examples

The following example shows how to enable the cdma pdsn a11 dormant sdb-indication match-qos-group command:

cdma pdsn a11 mandate presence airlink-setup

To mandate that the initial RRQ should have Airlink-Setup in Acct CVSE from PCF, use the cdma pdsn all mandate presence airlink-setup command in global configuration mode. To disable this feature, use the no form of this command.

cdma pdsn a11 mandate presence airlink-setup

no cdma pdsn a11 mandate presence airlink-setup

Syntax Description

This command has no keywords or variables.

Defaults

There are no default values.

Command Modes

Global configuration

Command History

Release

Modification

12.2(8)ZB1

This command was introduced.

Usage Guidelines

Issuing this command mandates that the initial RRQ should have Airlink-Setup in Acct CVSE from PCF. As a result, if this Airlink setup is not present in the RRQ, the session is not created, and a RRP with error code "86H - Poorly formed request" is returned.

If you do not configure this command, or disable it, then sessions can be opened even with no accounting CVSE being present in the initial RRQ.

Examples

The following example shows how to enable the cdma pdsn all mandate presence airlink-setupcommand:

Router# cdma pdsn a11 mandate presence airlink-setup

cdma pdsn a11 receive de-reg send-termreq

To enable the PDSN to send an LCP TermReq to the Mobile Node when it receives a A11 de-registration message from the PCF, use the cdma pdsn a11 receive de-reg send-termreq command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn a11 receive de-reg send-termreq

no cdma pdsn a11 receive de-reg send-termreq

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF

This command was introduced.

Examples

The following example shows how to enable the PDSN to send an LCP TermReq to the Mobile Node when it receives a A11 de-registration message from the PCF:

Router (config)# cdma pdsn a11 receive de-reg send-termreq

cdma pdsn a11 reject airlink-start active

To enable the PDSN to send RRP (with error code "86H-Poorly formed request") when the RRQ is received with airlink-start in the Acct CVSE from PCF for an active session, use the cdma pdsn a11 reject airlink-start active command in global configuration mode. To disable this function, use the no form of the command.

cdma pdsn a11 reject airlink-start active

no cdma pdsn a11 reject airlink-start active

Syntax Description

This command has no arguments or keywords.

Defaults

No default values.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn a11 reject airlink-start active command:

Router(config)# cdma pdsn a11 reject airlink-start active

cdma pdsn a11 reject airlink-stop dormant

To enable the PDSN to send RRP (with error code "86H-Poorly formed request") when the RRQ is received with airlink-stop in the Acct CVSE from PCF for a dormant session, use the cdma pdsn a11 reject airlink-stop dormant command in global configuration mode. To disable this function, use the no form of the command.

cdma pdsn a11 reject airlink-stop dormant

no cdma pdsn a11 reject airlink-stop dormant

Syntax Description

This command has no arguments or keywords.

Defaults

No default values.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn a11 reject airlink-stop dormant command:

Router(config)# cdma pdsn a11 reject airlink-stop dormant

cdma pdsn a11 session-update

To enable the A11 Session update feature on the PDSN, and to send an A11 session update for either the Always On, or RNPDIT (or both) attributes that are downloaded from the AAA during the authentication phase, use the cdma pdsn a11 session-update command in global configuration. Use the no form of the command to disable this feature.

cdma pdsn a11 session-update {[always-on] 1-10 [rn-pdit] 0-9}

no cdma pdsn a11 session-update {[always-on] [rn-pdit] 1-10}

Syntax Description

Command

Description

always-on

Sends an A11 session update for the Always On attribute that is downloaded from the AAA during the authentication phase.

rn-pdit

Sends an A11 session update for the RN-PDIT attribute that is downloaded from the AAA during the authentication phase.

1-10

Sets the timeout value for re-transmission of the A11 session update message to the PCF. The default timeout value is 3 seconds.

0-9

Sets the retransmit limit for the A11 session update if A11 session update Ack is not received from the PCF. Default re-transmission value is 3.

Defaults

The default timeout value is 3 seconds. The default retransmit number is 3.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF

This command was introduced.

Examples

The following example shows how to enable both the always-on and rn-pdit attributes:

Router(config)#cdma pdsn a11 session-update ?

always-on Send Always-on indicator in A11 Session-Update

rn-pdit Send RN-PDIT in A11 Session-Update

cdma pdsn a11 session-update qos

To enable sending a Subscriber QoS profile through an A11 session-update and A11 RRP, use the cdma pdsn a11 session-update qos command in global configuration mode. Use the no form of the command disable the feature. The existing timeout and retransmit a11 session-update configurations also apply to this command.

cdma pdsn a11 session-update qos

no cdma pdsn a11 session-update qos

Syntax Description

This command has no arguments or keywords.

Defaults

The default value is that subscriber qos is not sent in session update.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn a11 session-update qos command:

Router(config)# cdma pdsn a11 session-update qos

cdma pdsn accounting local-timezone

To specify the local time stamp for PDSN accounting events, use the cdma pdsn accounting local-timezone command in global configuration mode. To return to the default Universal Time (UTC), use the no form of this command.

cdma pdsn accounting local-timezone

no cdma pdsn accounting local-timezone

Syntax Description

This command has no arguments or keywords.

Defaults

UTC time, a standard based on GMT, is enabled.

Command Modes

Global configuration

Command History

Release

Modification

12.1(5)XS

This command was introduced.

Usage Guidelines

You must use the clock timezone hours-offset [minutes-offset]global configuration command to reflect the difference between local time and UTC time.

Examples

The following example shows how to set the local time in Korea:

clock timezone KOREA 9

cdma pdsn accounting local-timezone

Related Commands

Command

Description

cdma pdsn accounting send start-stop

Causes the PDSN to send:

•An Accounting Stop record when it receives an active stop airlink record (dormant state)

•An Accounting Start record when it receives an active start airlink record (active state)

clock timezone

Specifies the hours and minutes (optional) difference between the local time zone and UTC.

cdma pdsn accounting main-flow

To configure PDSN to stop sending the accounting records for the ipflows, use the cdma pdsn accounting main-flow command in global configuration mode. Use the no form of this command to disable the configurations.

cdma pdsn accounting main-flow

no cdma pdsn accounting main-flow

When you enable this command, accounting records for ipflows are not sent. Also, any traffic that is accounted in the ipflows is ignored and not added in the traffic details of the main-flow.

Note•If you did not enable cdma pdsn accounting main-flow or cdma pdsn accounting main-flow include ipflows, then per-ipflow based accounting is performed, which means accounting records are sent per-ipflow.

•If you configure cdma pdsn accounting main-flow include ipflows first and later configure cdma pdsn accounting main-flow, the former configuration is removed.

Syntax Description

This command has no arguments or keywords.

Defaults

By default, the command is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn accounting main-flow command:

PDSN_ACT(config)# cdma pdsn accounting main-flow

cdma pdsn accounting main-flow include ipflows

To configure PDSN to stop sending the accounting records for the ipflows, use the cdma pdsn accounting main-flow include ipflows command in global configuration mode. Use the no form of this command to disable the configurations.

cdma pdsn accounting main-flow include ipflows

no cdma pdsn accounting main-flow

When you enable this command, accounting records for ipflows are not sent. Also, any traffic that is accounted in the ipflows is added in the traffic details of the main-flow when you send the accounting records for the main-flow.

Note•If you did not enable cdma pdsn accounting main-flow or cdma pdsn accounting main-flow include ipflows, then per-ipflow based accounting is performed, which means accounting records are sent per-ipflow.

•If you configure cdma pdsn accounting main-flow first and later configure cdma pdsn accounting main-flow include ipflows, the former configuration is removed.

Syntax Description

This command has no arguments or keywords.

Defaults

By default, the command is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn accounting main-flow include ipflows command:

PDSN_ACT(config)# cdma pdsn accounting main-flow include ipflows

cdma pdsn accounting prepaid

To enable the Prepaid billing feature on PDSN, use the cdma pdsn accounting prepaid command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn accounting prepaid [volume | duration]

no cdma pdsn accounting prepaid [volume | duration]

Syntax Description

Command

Description

volume

Specifies that quota metering on the PDSN is volume-based.

duration

Specifies that quota metering on the PDSN is duration-based.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.3(8)XW

This command was introduced.

Usage Guidelines

Prepaid quota metering on the PDSN can be configured as volume-based only by enabling the volume keyword, or duration-based only by enabling the duration keyword. If no option is provided, both volume-based and duration-based metering are enabled on the PDSN, but only one can be effective at a time for one prepaid flow.

Note The Radius Disconnect feature should be enabled the on PDSN for Prepaid service. Use the cdma pdsn radius disconnect command to enable the radius disconnect (POD) feature.

Examples

The following example shows how to enable volume-based billing on the PDSN using the cdma pdsn accounting prepaid command:

Router# cdma pdsn accounting prepaid volume

cdma pdsn accounting prepaid threshold

To set the box-level threshold for all volume-based or duration-based prepaid flows on the PDSN, use the cdma pdsn accounting prepaid threshold command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn accounting prepaid threshold [volume | duration] value

no cdma pdsn accounting prepaid threshold [volume | duration] value

Syntax Description

Command

Description

volume

Specifies the threshold value to be applied to volume-based accounting. The values are 10-100, and they specify the Volume Threshold percentage.

duration

Specifies the threshold value to be applied to duration-based accounting. The values are 10-100, and they specify the Duration Threshold percentage.

value

Indicates the percentage of allocated quota that is the threshold value for the quota.

Different threshold values can be set for volume-based and duration-based Prepaid service.

Note The threshold values returned in the Access Accept message, for the user, overrides this value.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.3(8)XW

This command was introduced.

Examples

The following example shows how to set the threshold for volume-based billing on the PDSN using the cdma pdsn accounting prepaid threshold command:

Router# cdma pdsn accounting prepaid volume 80

Router# cdma pdsn accounting prepaid duration 75

cdma pdsn accounting remote address compliance 835b

To enable support for IS 835B compliant RAA table index downloaded from AAA, use the cdma pdsn accounting remote address compliance 835b command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn accounting remote address compliance 835b

no cdma pdsn accounting remote address compliance 835b

Syntax Description

This command has no arguments or keywords.

Defaults

By default, this command is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Usage Guidelines

When you enable this command RAA table index of IS 835B standard compliant is accepted during access accept. Other forms of the RAA table index are rejected. When you disable the configuration, RAA table index of both IS 835B, IS 835C, and IS 835D formats are accepted.

Examples

The following examples shows how to enable the cdma pdsn accounting remote address compliance 835b command:

Note The cdma pdsn accounting remote address table index match command forces the condition that the session can be opened only if all the indexes downloaded from the AAA server during access-accept matches with the table configured in PDSN. If there are mismatches, the session is dropped.

cdma pdsn accounting send cdma-ip-tech

To configure specific values for the F11 attribute for proxy Mobile IP and VPDN services, use the cdma pdsn accounting send cdma-ip-tech command in global configuration mode. To deconfigure those values, use the no form of this command.

cdma pdsn accounting send cdma-ip-tech [proxy-mobile-ip | vpdn]

no cdma pdsn accounting send cdma-ip-tech [proxy-mobile-ip | vpdn]

Syntax Description

Command

Description

proxy-mobile-ip

Sets the IP-Tech proxy-mobile-ip number. Values are 3-65535.

vpdn

Sets the IP-Tech vpdn number. Values are 3-65535.

Defaults

No default behavior or values.

Command Modes

Global configuration.

Command History

Release

Modification

12.1XC

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn accounting send cdma-ip-tech
command:

pdsn(config)#cdma pdsn accounting send cdma-ip-tech proxy-mobile-ip 3

pdsn(config)#cdma pdsn accounting send cdma-ip-tech vpdn 4

cdma pdsn accounting send ipv6-flows

To to control the number of flows and UDR records used for IPv4/IPv6 simultaneous sessions, use the cdma pdsn accounting send ipv6-flows command in global configuration mode. Use the no form of this command to disable this function.

cdma pdsn accounting send ipv6-flows number

no cdma pdsn accounting send ipv6-flows number

Syntax Description

Command

Description

number

Number of flows. The default value is 1, denoting shared flow. The range of values is 1-2.

Defaults

The default value of flows is 1, denoting a shared flow.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)XY

This command was introduced.

Usage Guidelines

The session defaults to 1 flow for a simultaneous IPv4/IPv6 session, but 2 flows can be configured for a simultaneous session.

Examples

The following example shows how to enable the cdma pdsn accounting send ipv6-flows command:

Router(config)# cdma pdsn accounting send ipv6-flows 2

cdma pdsn accounting send start-stop

To cause the PDSN to send accounting records when the call transitions between active and dormant states, use the cdma pdsn accounting send start-stop command in global configuration mode. To stop sending accounting records, use the no form of this command.

cdma pdsn accounting send {start-stop | cdma-ip-tech}

no cdma pdsn accounting send {start-stop | cdma-ip-tech}

Syntax Description

Command

Description

start-stop

Informs the PDSN when to begin sending accounting records and when to stop sending them.

cdma-ip-tech

Accounting records are generated with special IP-Tech number.

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

When this feature is enabled, the PDSN sends:

•An Accounting Stop record when it receives an active stop airlink record (dormant state).

•An Accounting Start record when it receives an active start airlink record (active state).

Examples

The following example shows how to start sending PDSN accounting events:

cdma pdsn accounting send start-stop

Related Commands

Command

Description

aaa accounting network pdsn start-stop group radius

Enables AAA accounting of requested services for billing or security purposes when you use RADIUS.

cdma pdsn accounting local-timezone

Specifies the timestamp for PDSN accounting events.

cdma pdsn accounting time-of-day

Sets the accounting information for a specific time of day.

cdma pdsn accounting time-of-day

To set the accounting information for specified times during the day, use the cdma pdsn accounting time-of-day command in global configuration mode. To disable the specification, use the no form of this command.

cdma pdsn accounting time-of-day hh:mm:ss

no cdma pdsn accounting time-of-day

Syntax Description

hh:mm:ss

Hour:minutes:seconds.

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release

Modification

12.1(5)XS

This command was introduced.

Usage Guidelines

This command is used to facilitate billing when a user is charged different prices based upon the time of the day. Up to ten different accounting triggers can be configured.

Examples

The following example shows how to set an accounting trigger for 13:30:20:

cdma pdsn accounting time-of-day 13:30:30

Related Commands

Command

Description

cdma pdsn accounting send start-stop

Causes the PDSN to send:

•An Accounting Stop record when it receives an active stop airlink record (dormant state)

•An Accounting Start record when it receives an active start airlink record (active state)

clock set

Sets the system clock.

debug cdma pdsn accounting time-of-day

Displays debug information for the command.

show clock

Displays the system clock.

cdma pdsn age-idle-users

To configure the aging of idle users, use the cdma pdsn age-idle-users command. To stop aging out idle users, use the no form of this command.

cdma pdsn age-idle-users [minimum-age value]

no cdma pdsn age-idle-users

Syntax Description

minimum-age value

(Optional) The minimum number of seconds a user should be idle before they are a candidate for being aged out. Possible values are 1 through 65535.

Defaults

By default, no idle users are aged out.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

If no value is specified, the user that has been idle the longest is aged out. If an age is specified and the user that has been idle the longest has not been idle for the specified value, then no users are aged out.

Examples

The following example shows how to set a minimum age out value of 5 seconds:

cdma pdsn age-idle-users minimum-age 5

cdma pdsn attribute send

To configure the attributes to be sent in an access-request or accounting request, use the cdma pdsn attribute send command in global configuration mode. To disable this feature and return to the default settings, use the no form of this command.

To configure the PDSN to send GRE CVSE in all MIP RRQs to all HAs, use the cdma pdsn attribute send gre_cvse mip_rrq command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute send gre_cvse mip_rrq

no cdma pdsn attribute send gre_cvse mip_rrq

Syntax Description

There are no keywords or variables for this command.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute send gre_cvse mip_rrqcommand:

Router (config)# cdma pdsn attribute send gre_cvse mip_rrq

cdma pdsn attribute send meid-optional

To include the MEID in the Accounting Requests and access requests, in FA-CHAP requests and MOIP- requests, use the cdma pdsn attribute send meid-optional command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn attribute send meid-optional

no cdma pdsn attribute send meid-optional

Syntax Description

There are no arguments of keywords for this command.

Defaults

No default values

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX1

This command was introduced.

Usage Guidelines

If the MN is not equipped to send the MEID, it is excluded in the RRQ. In such circumstances, a blank string is included in the Accounting Requests, and the access requests, FA-CHAP and MOIP-rrqs.

If the cdma pdsn attribute send meid-optional command is configured, the MEID is included in the Accounting Requests and access requests, in FA-CHAP requests and MOIP- requests, only if it is included in the RRQ.

Examples

The following example shows how to enable the cdma pdsn attribute send meid-optional command:

cdma pdsn attribute send meid-optional

cdma pdsn attribute vendor

To configure the PDSN to parse the served mdn attribute sent in the China Telecom VSA, and send the attributes in accounting messages, use the cdma pdsn attribute vendor command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute vendor [20492]

no cdma pdsn attribute vendor [20492]

Syntax Description

20492

The attribute number for the China Telecom VSA.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(15)XR2

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute vendor command:

Router (config)#cdma pdsn attribute vendor?

20492 cnctc

cdma pdsn attribute vendor 20942

To configure PDSN to parse the charging type that has been downloaded, use the cdma pdsn attribute vendor 20942 command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute vendor 20942

no cdma pdsn attribute vendor 20942

Syntax Description

20492

The attribute number for the China Telecom VSA.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute vendor 20942command:

Router (config)# cdma pdsn attribute vendor 20942

cdma pdsn attribute vendor 20942 send a1 mip_rrq

To configure PDSN to send the calling station ID attribute in the Mobile IP (MIP) Registration Request (RRQ) as CNCTC Normal Vendor Specific Extension (NVSE), use the cdma pdsn attribute vendor 20942 send a1 mip_rrq command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute vendor 20942 send a1 mip_rrq

no cdma pdsn attribute vendor 20942 send a1 mip_rrq

Syntax Description

20492

The attribute number for the China Telecom VSA.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute vendor 20942 send a1 mip_rrqcommand:

Router (config)# cdma pdsn attribute vendor 20942 send a1 mip_rrq

cdma pdsn attribute vendor 20942 send c2 mip_rrq

To configure PDSN to send the correlation ID attribute in the Mobile IP (MIP) Registration Request (RRQ) as CNCTC NVSE, use the cdma pdsn attribute vendor 20942 send c2 mip_rrq command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute vendor 20942 send c2 mip_rrq

no cdma pdsn attribute vendor 20942 send c2 mip_rrq

Syntax Description

20492

The attribute number for the China Telecom VSA.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute vendor 20942 send c2 mip_rrqcommand:

Router (config)# cdma pdsn attribute vendor 20942 send c2 mip_rrq

cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqs

To configure PDSN to send the PDSN source IP address in the accounting records, use the cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqs command in Global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqs

no cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqs

Syntax Description

20492

The attribute number for the China Telecom VSA.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqscommand:

cdma pdsn attribute vendor 20942 send pmip_capability access_request

To configure PDSN to send the Proxy-Mobile IP (PMIP) functionality to the RADIUS server use the cdma pdsn attribute vendor 20942 send pmip_capability access_request command in Global configuration mode. The RADIUS server in turn sends the the PMIP indicator in the Access-Accept message. PDSN provides the PMIP functionality to the mobile user if it receives the PMIP indicator value as 1. Use the no form of the command to disable this feature.

cdma pdsn cac maximum

To enable the Call Admission Control feature, and to control the CAC bandwidth parameter and CAC CPU parameters, use the cdma pdsn cac maximum command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn cac maximum [bandwidth | cpu]

no cdma pdsn cac maximum [bandwidth | cpu]

Syntax Description

bandwidth

Configures the maximum bandwidth.

cpu

Configures the CPU threshold parameters.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Usage Guidelines

The Call Admission Control feature is only enabled if the CAC CLI for CPU and Bandwidth is configured.

Examples

The following example shows how to enable the cdma pdsn cac maximum bandwidth command:

cdma pdsn cac ?

maximum Configure Maximum values for CAC Parameters

cdma pdsn cac maximum ?

bandwidth Configure Maximum Bandwidth

cpu-threshold Configure CPU Threshold parameters

cdma pdsn cac maximum bandwidth ?

<8000-2000000000> Value

The following example shows how to enable the cdma pdsn cac maximum cpu command:

cdma pdsn cac ?

maximum Configure Maximum values for CAC Parameters

cdma pdsn cac maximum ?

bandwidth Configure CDMA PDSN cac maximum bandwidth

cpu Configure CDMA PDSN cac CPU

cdma pdsn cac cpu ?

<30-90> Value

cdma pdsn cluster controller

To configure the PDSN to operate as a cluster controller, and to configure various parameters on the cluster controller, use the cdma pdsn cluster controller command. To disable certain cluster controller parameters, use the no form of this command.

Syntax Description

Interface name on which the cluster controller has IP connectivity to the cluster members.

timeout

The time the cluster controller waits to seek a member when there is no reply from that cluster member. The range is between 10 and 300 seconds, and the default value is 300 seconds.

window number

The number of sequential seek messages sent to a cluster member before it is presumed offline.

Defaults

The timeout default value is 10 seconds and the default value for option window is 2.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Examples

The following example shows how to enable the cdma cluster controller:

cdma pdsn cluster controller interface FastEthernet1/0

cdma pdsn cluster controller member

To enable the periodic process to flush the dangling session records on the controller, enable the cluster controller to use CAC parameters to distribute the load, and enable the member selection policy, use the cdma pdsn cluster controller member command in global configuration mode. Use the no form of the command to disable this feature.

Defaults

Command Modes

Command History

Examples

The following example shows how to enable the cdma pdsn cluster controller member reva-support command:

Router(config)#cdma pdsn cluster controller member ?

periodic-update Receive periodic session info from members

reva-support Member reva-support

selection-policy Member selection policy

cdma pdsn cluster controller pcf group

To perform PCF redirection in a cluster controller, the PCF and PDSN groups must be configured. Use the cdma pdsn cluster controller pcf group command in global configuration mode to configure a list of PCF IP addresses under a group. Use the no form to remove the configured PCF group.

cdma pdsn cluster controller pcf group Group Number

no cdma pdsn cluster controller pcf group Group Number

Syntax Description

Group Number

Indicates the PCF group number.

Defaults

No default keywords or arguments.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Usage Guidelines

Using the command, you can configure a single or a list of PCF IP addresses under one group. You cannot configure overlapping PCF IP addresses within same or different groups.

Examples

The following example shows how to configure a PCF group in a cluster controller:

PDSN(config)# cdma pdsn cluster controller ?

interface Name of the interface to use to cluster with members

member Configure member parameters

pcf PCF Group

pdsn PDSN Group

queueing Request queueing for controller

redirect PDSN Redirection

rp-signaling-proxy Proxy R-P signaling to PDSN cluster members

session-high Configure cluster controller high session water mark

session-low Configure cluster controller low session water mark

standby Enable hotstandby support

timeout Time without msg from a member until controller seeks

this member

window Sequential seek msgs sent to member before it is presumed

offline

PDSN(config)# cdma pdsn cluster controller pcf ?

group PCF Group

PDSN(config)# cdma pdsn cluster controller pcf group ?

<1-100> PCF Group number

PDSN(config)# cdma pdsn cluster controller pcf group 1

PDSN(config-pcf-group)# ?

description Group description

exit Exit from PCF group mode

no negate values of a command

pcf PCF Addresses

PDSN(config-pcf-group)# description ?

WORD PCF group description

PDSN(config-pcf-group)# descri

PDSN(config-pcf-group)# description PCF_G1

PDSN(config-pcf-group)#

PDSN(config-pcf-group)# pcf ?

A.B.C.D Start IP Address

PDSN(config-pcf-group)# pcf 2.2.2.2 ?

A.B.C.D End IP address

<cr>

PDSN(config-pcf-group)# pcf 2.2.2.2 3.3.3.3

PDSN(config-pcf-group)# end

PDSN#

PDSN# sh run | section pcf group

cdma pdsn cluster controller pcf group 1

description PCF_G1

pcf 2.2.2.2 3.3.3.3

PDSN#

cdma pdsn cluster controller pdsn group

To perform PCF redirection in a cluster controller, the PCF and PDSN groups must be configured. Use the cdma pdsn cluster controller pdsn group command in global configuration mode to configure a list of PDSN IP addresses under a group. Use the no form to remove the configured PDSN group.

cdma pdsn cluster controller pdsn group Group Number

no cdma pdsn cluster controller pdsn group Group Number

Syntax Description

Group Number

Indicates the PDSN group number.

Defaults

No default keywords or arguments.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Usage Guidelines

Use the command to configure a single or a list of PDSN IP addresses under one group. You cannot configure overlapping PDSN IP addresses within same or different groups. Configure one primary PDSN IP address under one PDSN group, and use it whenever you have to select one PDSN from the given PDSN group.

Examples

The following example shows how to configure PDSN group in a cluster controller:

cdma pdsn cluster controller redirect

To perform IMSI or PCF redirection in a cluster controller, use the cdma pdsn cluster controller redirect command in global configuration mode to configure a list of PDSN IP addresses under a group. Use the no form to remove the redirection configuration in the controller.

cdma pdsn cluster controller redirect

no cdma pdsn cluster controller redirect

Syntax Description

This command has no arguments or keywords.

Defaults

No default keywords or arguments.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Usage Guidelines

Use the command to configure IMSI or PCF redirection in a cluster controller.

Examples

The following examples show how to configure IMSI redirection in a cluster controller:

PDSN(config)# cdma pdsn cluster controller ?

interface Name of the interface to use to cluster with members

member Configure member parameters

pcf PCF Group

pdsn PDSN Group

queueing Request queueing for controller

redirect PDSN Redirection

rp-signaling-proxy Proxy R-P signaling to PDSN cluster members

session-high Configure cluster controller high session water mark

session-low Configure cluster controller low session water mark

standby Enable hotstandby support

timeout Time without msg from a member until controller seeks

this member

window Sequential seek msgs sent to member before it is presumed

offline

PDSN(config)# cdma pdsn cluster controller redirect

PDSN(config-redirect)#?

exit Exit from PCF group mode

imsi IMSI redirection

no negate values of a command

pcf PCF redirection

PDSN(config-redirect)# imsi ?

WORD Start IMSI number

PDSN(config-redirect)# imsi 123456789012345 ?

WORD End IMSI number

pdsn PDSN Group

PDSN(config-redirect)# imsi 123456789012345 123456789013400 ?

pdsn PDSN Group

PDSN(config-redirect)# imsi 123456789012345 123456789013400 pdsn ?

<1-100> PDSN Group number

[Note] PDSN group must be configured before configuring the IMSI redirection.

PDSN(config-redirect)# imsi 123456789012345 123456789013400 pdsn 2 ?

force Configure Force option

<cr>

Note When you configure the force option of this command, the primary IP address configured under the PDSN group is used by default for IMSI redirection. It ignores the other PDSN IP addresses configured under the PDSN group. To configure the force option of this command, you have to configure the primary IP address under the PDSN group.

PDSN(config-redirect)# imsi 123456789012345 123456789013400 pdsn 2

PDSN(config-redirect)# end

PDSN#

PDSN# sh run | section redirect

cdma pdsn cluster controller redirect

imsi 123456789012345 123456789013400 pdsn 2

PDSN#

Example for PCF redirection configuration:

PDSN(config)# cdma pdsn cluster controller ?

interface Name of the interface to use to cluster with members

member Configure member parameters

pcf PCF Group

pdsn PDSN Group

queueing Request queueing for controller

redirect PDSN Redirection

rp-signaling-proxy Proxy R-P signaling to PDSN cluster members

session-high Configure cluster controller high session water mark

session-low Configure cluster controller low session water mark

standby Enable hotstandby support

timeout Time without msg from a member until controller seeks

this member

window Sequential seek msgs sent to member before it is presumed

offline

PDSN(config)# cdma pdsn cluster controller red

PDSN(config)# cdma pdsn cluster controller redirect

PDSN(config-redirect)#

PDSN(config-redirect)# ?

exit Exit from PCF group mode

imsi IMSI redirection

no negate values of a command

pcf PCF redirection

PDSN(config-redirect)# pcf ?

<1-100> PCF Group number

PDSN(config-redirect)# pcf 1 ?

pdsn PDSN Group

Note You need to configure the PCF group before you configure the PCF redirection.

PDSN(config-redirect)# pcf 1 pdsn ?

<1-100> PDSN Group number

Note You need to configure the PDSN group before you configure the IMSI redirection.

PDSN(config-redirect)# pcf 1 pdsn 2 ?

force Configure Force option

<cr>

Note When you configure the force option of this command, the primary IP address configured under the PDSN group is used by default for IMSI redirection. It ignores the other PDSN IP addresses configured under the PDSN group. To configure the force option of this command, you have to configure the primary IP address under the PDSN group.

PDSN(config-redirect)# pcf 1 pdsn 2 force

PDSN(config-redirect)# end

PDSN#

PDSN# sh run

PDSN# sh run | section redirect

cdma pdsn cluster controller redirect

pcf 1 pdsn 2 force

PDSN#

cdma pdsn cluster controller session-high

To generate an alarm when the controller reaches the upper threshold of the maximum number of sessions it can handle, use the cdma pdsn cluster member session-high command. To disable this feature, use the no form of this command.

cdma pdsn cluster controller session-high 1-1000000

no cdma pdsn cluster controller session-high 1-1000000

Syntax Description

1-1000000

The threshold of the maximum number of sessions the controller can handle.

Defaults

The range is 1-1000000. The configured value should be more than the lower threshold value. The default value is 200000.

Command Modes

Global configuration

Command History

Release

Modification

12.2(8)ZB1

This command was introduced.

Usage Guidelines

You should take into account the number of members in the cluster when you configure the high threshold. For example, if there are only 2 members in the cluster, the high threshold should be less than 40000.

Examples

The following example shows how to enable the cdma pdsn cluster controller session-high command:

Received SNMPv1 Trap:

Community: public

Enterprise: cCdmaPdsnMIBNotifPrefix

Agent-addr: 9.15.72.15

Enterprise Specific trap.

Enterprise Specific trap: 8

Time Ticks: 9333960

cCdmaServiceAffectedLevel.0 = major(3)

cCdmaClusterSessHighThreshold.0 = 50

cdma pdsn cluster controller session-low

To generate an alarm when the controller reaches the lower threshold of the sessions (hint to NOC that the system is being under utilized), use the cdma pdsn cluster member session-low command. To disable this feature, use the no form of this command.

cdma pdsn cluster controller session-low 1-999999

no cdma pdsn cluster controller session-low 1-999999

Syntax Description

1-999999

The threshold of the maximum number of sessions the controller can handle.

Defaults

The range is 0-999999. The configured value should be less than the upper threshold value. The default value is 190000.

Command Modes

Global configuration

Command History

Release

Modification

12.2(8)ZB1

This command was introduced.

Usage Guidelines

You should take into account the number of members in the cluster when you configure the low threshold.

Examples

The following example shows how to enable the cdma pdsn cluster controller session-low command:

Received SNMPv1 Trap:

Community: public

Enterprise: cCdmaPdsnMIBNotifPrefix

Agent-addr: 9.15.72.15

Enterprise Specific trap.

Enterprise Specific trap: 9

Time Ticks: 9330691

cCdmaServiceAffectedLevel.0 = major(3)

cCdmaClusterSessLowThreshold.0 = 10

cdma pdsn cluster member

To configure the PDSN to operate as a cluster member, and to configure various parameters on the cluster member, use the cdma pdsn cluster member command. To disable certain cluster controller parameters, use the no form of this command.

Syntax Description

The controller that a specific member is connected to, identified by the controller's IP address.

interface

Interface name on which the cluster controller has IP connectivity to the cluster members.

prohibit

The type of traffic that the member is allowed to handle, or is prohibited from handling. Administratively prohibits member from accepting new data sessions within the cluster framework.

timeout

The time the cluster controller waits to seek a member when there is no reply from that cluster member. The range is between 10 and 600 seconds, and the default value is 300 seconds.

window number

The number of sequential seek messages sent to a cluster member before it is presumed offline.

Defaults

The default timeout value for the cluster member is 10 seconds.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.4(22)XR

Support for queueing is removed in this release.

Usage Guidelines

The prohibit field enables a member to administratively rid itself of its load without service interruption. When enabled, the member is no longer given any new data sessions by the controller.

Examples

The following example shows how to enable a cdma pdsn cluster member:

cdma pdsn cluster member interface FastEthernet1/0

cdma pdsn cluster member periodic-update

To enable sending only bulk-update on a member PDSN, use the cdma pdsn cluster member periodic-update command in Global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn cluster member periodic-update time

no cdma pdsn cluster member periodic-update time

Syntax Description

time

The time between when the member sends periodic bulk-updates. The time can be between 300 to 3000 msecs.

Defaults

The default value is 1000 ms.

Command Modes

Global configuration

Command History

Release

Modification

12.3(8)XW

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn cluster member periodic-update command:

Router# cdma pdsn cluster member periodic-update 1000

cdma pdsn cluster member prohibit administratively

To separate a member PDSN out of the cluster use the cdma pdsn cluster member prohibit administratively command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn cluster member prohibit administratively

no cdma pdsn cluster member prohibit administratively

Syntax Description

This command has no arguments or keywords.

Defaults

There are no default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.2(8)BY1

This command was introduced.

Usage Guidelines

Note By default the same HSRP interface is used for both the active and standby controller seek message exchanges, and active and standby record sync. If you choose to not use the HSRP address, and instead use a loopback address, issue this command.

The status of the member is updated to the controller in a subsequent periodic keepalive reply message the member sends to the controller. When the controller receives the message, it does not select this member for any of the new incoming calls. The member PDSNs that are prohibited administratively can be displayed on the controller using the show cluster controller member prohibited administratively command.

Examples

The following example shows how to enable the use of the cdma pdsn cluster member prohibit administratively command.

Router# cdma pdsn cluster member prohibit administratively

cdma pdsn compliance

To configure PDSN behavior to comply with various standards, use the cdma pdsn compliance command in global configuration mode. Use the no form of the command to disable this function.

cdma pdsn compliance [iosv4.1] [sdb] [is835a] [is835c]

no cdma pdsn compliance [iosv4.1] [sdb] [is835a] [is835c]

Syntax Description

iosv4.1

Configures compliance to 3GPP2-IOS v4.1 features.

sdb

Configures PDSNs to process SDB record sent from PCF as per IOS4.1 Standard.

is835a

Configures IS835A-compliant behavior.

is835c

Configures IS835C-compliant behavior.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF1

This command was introduced.

12.3(11)YF2

The sdb keyword was introduced.

Examples

The following example shows how to enable one instance of the cdma pdsn compliance command:

Router# cdma pdsn compliance is835a

cdma pdsn compliance hrpd ipflow-discriminator

To configure PDSN to send the IP Flow Discriminator of 3 bytes without reserved bytes in the A10s, use the cdma pdsn compliance hrpd ipflow-discriminator command in the global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn compliance hrpd ipflow-discriminator

no cdma pdsn compliance hrpd ipflow-discriminator

Syntax Description

This command has no arguments or keywords.

Defaults

By default the command is disabled.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn compliance hrpd ipflow-discriminator command:

PDSN(config)# cdma pdsn compliance hrpd ipflow-discriminator

cdma pdsn compliance iosv4.1 session-reference

3GPP2 IOS version 4.2 mandates that the Session Reference ID in the A11 Registration Request is always set to 1. To configure the PDSN to interoperate with a PCF that is not compliant with 3GPP2 IOS version 4.2, use the cdma pdsn compliance iosv4.1 session-reference command in Global configuration mode. To disable this configuration, use the no form of this command.

cdma pdsn compliance iosv4.1 session-reference

no cdma pdsn compliance iosv4.1 session-reference

Syntax Description

This command has no arguments or keywords.

Defaults

Session Reference ID set to 1 in the A11 registration Request is on by default.

Command Modes

Global configuration.

Command History

Release

Modification

12.2(8)BY1

This command was introduced.

Examples

The following example shows how to instruct the PDSN to skip any checks done on the session reference id of incoming Registration Requests to ensure that they are set to 1.

Related Commands

cdma pdsn dos

To enable dos, use the cdma pdsn dos command in global configuration mode. Use the no form of the command to disable this function.

cdma pdsn dos

no cdma pdsn dos

Syntax Description

This command has no arguments or keywords.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn dos command:

Router(config)# cdma pdsn dos

cdma pdsn debug show-conditions

To configure the PDSN to print the username/IMSI along with the debugs even without configuring conditional debugging, use the cdma pdsn debug show-conditions command in global configuration mode. Use the no form of the command to disable this function.

Syntax Description

This command has no arguments or keywords.

Defaults

The default value is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX

This command was introduced.

Usage Guidelines

When the debug conditions match, every line of the debug message is prefixed with either the username or the IMSI (not both), depending on the condition set.

This behavior is controlled through the cdma pdsn debug show-condition and ip mobile debug include username commands. If conditional debugging is enabled without these CLI being configured, the username/IMSI is not displayed in the debugs. However, if the above CLIs are configured without configuring conditional debugging, the username/IMSI is printed along with the debugs.

Examples

The following example shows how to enable username and IMSI printing in the debugs:

Router(config)#cdma pdsn debug show-condition

cdma pdsn failure-history

To configure CDMA PDSN SNMP session failure history size, use the cdma pdsn failure-history command in global configuration mode. To return to the default length of time, use the no form of this command.

cdma pdsn failure-history entries

no cdma pdsn failure-history

Syntax Description

entries

Maximum number of entries that can be recorded in the SNMP session failure table. Possible values are 0 through 2000.

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how to specify 1000 as the maximum number of entries that can be recorded in the SNMP session table:

cdma pdsn failure-history 1000

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

snmp-server enable traps cdma

Specifies the community access string to permit access to the SNMP protocol.

cdma pdsn imsi-min-equivalence

To support inter technology handoff of 1xRTT from Evolved Data Optimized (EVDO) or to EVDO, use the cdma pdsn imsi-min-equivalence command inglobal configuration mode. To disable the support, use the no form of this command.

cdma pdsn imsi-min-equivalence

no cdma pdsn imsi-min-equivalence

Configure the cdma pdsn imsi-min-equivalence command in a fresh server with no sessions.

Syntax Description

This command has no arguments or keywords.

Defaults

There are no default values for this command.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable cdma pdsn imsi-min-equivalence command:

Router(config)# cdma pdsn imsi-min-equivalence

Show output when the mobile subscriber id (msid) number is lesser than 11 digits:

PDSN-ACT# show cdma pdsn session msid 45678987655

Mobile Station ID IMSI 112345678987655

PCF IP Address 4.0.0.1, PCF Session ID 1

A10 connection time 00:02:33, registration lifetime 20000 sec

Number of successful A11 re-registrations 0

Remaining session lifetime 19846 sec

Always-On not enabled for the user

Current Access network ID 0004-0000-01

Last airlink record received is Active Start, airlink is active

GRE protocol type is 0x8881

GRE sequence number transmit 13, receive 0

Using interface Virtual-Access3, status OPN

Using AHDLC engine on slot 0, channel ID 2

Service Option 1xRTT Flow Discrimination 0 DSCP Included 0

Flow Count forward 0 reverse 0

This session has 1 flow

This session has 0 service flows

Session Airlink State Active

This session has 0 TFTs

Qos subscriber profile

Show output when the mobile subscriber id (msid) number is lesser than 10 digits:

PDSN-ACT# show cdma pdsn session msid 5678987655

Mobile Station ID IMSI 112345678987655

PCF IP Address 4.0.0.1, PCF Session ID 1

A10 connection time 00:02:48, registration lifetime 20000 sec

Number of successful A11 re-registrations 0

Remaining session lifetime 19831 sec

Always-On not enabled for the user

Current Access network ID 0004-0000-01

Last airlink record received is Active Start, airlink is active

GRE protocol type is 0x8881

GRE sequence number transmit 13, receive 0

Using interface Virtual-Access3, status OPN

Using AHDLC engine on slot 0, channel ID 2

Service Option 1xRTT Flow Discrimination 0 DSCP Included 0

Flow Count forward 0 reverse 0

This session has 1 flow

This session has 0 service flows

Session Airlink State Active

This session has 0 TFTs

Qos subscriber profile

cdma pdsn ingress-address-filtering

To enable ingress address filtering, use the cdma pdsn ingress-address-filtering command in global configuration mode. To disable ingress address filtering, use the no form of this command.

cdma pdsn ingress-address-filtering

no cdma pdsn ingress-address-filtering

Syntax Description

This command has no arguments or keywords.

Defaults

Ingress address filtering is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

When this command is configured, the PDSN checks the source IP address of every packet received on the PPP link from the mobile station. If the address is not associated with the PPP link to the mobile station and is not an MIP RRQ or Agent Solicitation, then the PDSN discards the packet and sends a request to reestablish the PPP link.

Examples

The following example shows how to enable ingress address filtering:

cdma pdsn ingress-address-filtering

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

show cdma pdsn session

Displays the session information on the PDSN.

cdma pdsn ipv6

To enable the PDSN IPv6 functionality, use the cdma pdsn ipv6 command in global configuration mode. Use the now form of the command to disable this function.

cdma pdsn ipv6 {ra-count 1-5 [ra-interval 1-1800]}

no cdma pdsn ipv6 {ra-count 1-5 [ra-interval 1-1800]}

Syntax Description

ra-count

Route Advertisement count determines how many Routing Advertisements (RAs) to send out to the MN.

1-5

Number of IIPV6 route advertisements sent: the default value is 1.

ra-interval

Route Advertisement interval determines how often Routing Advertisements (RAs) are sent to the MN.

1-1800

The interval between IPv6 RAs sent (the unit of measure is in seconds, and the default value is 5).

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)XY

This command was introduced.

Usage Guidelines

If the cdma pdsn ipv6 command is not entered, and a PDSN session is brought up with IPv6, the session is terminated and the following message displayed:

%CDMA_PDSN-3-PDSNIPV6NOTENABLED: PDSN IPv6 feature has not been enabled.

Examples

The following example shows how to control the number and interval Routing Advertisements sent to the MN when an IPv6CP session comes up:

Router(config)# cdma pdsn ipv6ra-count 2 ra-interval 3

cdma pdsn maximum pcf

To set the maximum number of PCFs that can connect to a PDSN, use the cdma pdsn maximum pcf command in global configuration mode. To disable a configured limit, use the no form of this command.

cdma pdsn maximum pcf maxpcf

no cdma pdsn maximum pcf

Syntax Description

maxpcf

Maximum number of PCFs that can communicate with a PDSN. Possible values are 1 through 2000.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

If no maximum number of PCFs is configured, the only limitation is the amount of memory.

You can configure the maximum PCFs to be less than the existing PCFs. As a result, when you issue the show cdma pdsn command, you may see more existing PCFs than the configured maximum. It is the responsibility of the user to bring down the existing PCFs to match the configured maximum.

Examples

The following example shows how to specify 200 as the maximum PCFs that can be sent:

cdma pdsn maximum pcf 200

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

cdma pdsn maximum sessions

To set the maximum number of mobile sessions allowed on a PDSN, use the cdma pdsn maximum sessions command in global configuration mode. To disable a configured limit, use the no form of this command.

cdma pdsn maximum sessions maxsessions

no cdma pdsn maximum sessions

Syntax Description

maxsessions

Maximum number of mobile sessions allowed on a PDSN. Possible values depend on which image you are using.

Defaults

The c-5 images support 8000 sessions, and the c-6 images support 20000 sessions.

The PDSN 4.0 Release supports 25000 sessions.

The PDSN 5.0 Release supports 175000 sessions.

Command Modes

Global Configuration.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(8)BY

The maximum number of mobile sessions was raised to 20000.

12.4(15)xx

The maximum number of mobile sessions was raised to 25000.

12.4(22)XR

The maximum number of mobile sessions was raised to 175000.

Usage Guidelines

If PDSN runs out of resources before the configured number is reached, the PDSN rejects the creation of further sessions.

You can configure the maximum sessions to be less than the existing sessions. As a result, when you issue the show cdma pdsn command, you may see more existing sessions than the configured maximum. It is the responsibility of the user to bring down the existing sessions to match the configured maximum.

Examples

The following example shows how to set the maximum number of mobile sessions to 100:

cdma pdsn maximum sessions 100

Related Commands

Command

Description

show cdma pdsn session

Displays PDSN session information.

cdma pdsn mobile-advertisement-burst

To configure the number and interval of Agent Advertisements that a PDSN FA can send, use the cdma pdsn mobile-advertisement-burst command in either interface or global configuration mode. To reset the configuration to the defaults, use the no form of this command.

cdma pdsn mobile-advertisement-burst {number value | interval msec}

no cdma pdsn mobile-advertisement-burst {number | interval}

Syntax Description

number value

The number of agent advertisements. Possible values are 1 through 10. The default is 5.

interval msec

Specifies the interval, in milliseconds, between advertisements. Possible values are 50 through 500. The default is 200 milliseconds.

Defaults

The default number of agent advertisements to send is 5.

The default interval between advertisements is 200 milliseconds.

Command Modes

Interface or Global configuration.

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

You must specify at least one of the optional parameters. Otherwise, the command has no effect. When virtual-access interfaces are created from the virtual template, default values are used for any parameters not already configured on the virtual template.

This command should be configured on virtual templates only, and only when PDSN service is configured.

Examples

The following example shows how to configure PDSN FA advertisement:

cdma pdsn mobile-advertisement-burst number 10 interval 500

Related Commands

Command

Description

ip mobile foreign-service challenge

Configures the challenge timeout value and the number of valid recently-sent challenge values.

ip mobile foreign-service challenge forward-mfce

Enables the FA to forward MFCE and mobile station-AAA to the HA.

cdma pdsn msid-authentication

To enable MSID-based authentication and access, use the cdma pdsn msid-authentication command in global configuration mode. To disable MSID-based authentication and access, use the no form of this command.

Syntax Description

close-session-on-failure

Closes the session if authorization fails.

imsi number

(Optional) The number digits from the International Mobile Station Identifier (IMSI) that are to be used as the User-Name in the Access-Request for MSID authentication. Possible values are 1 to 15. The default is 5.

irm number

(Optional) International Roaming Mobile Identification Number and the identifier used to retrieve the network profile from the RADIUS server. Possible values are 1 through 10. The default is 4.

min number

(Optional) Mobile Identification Number and the identifier used to retrieve the network profile from the RADIUS server. Possible values are 1 through 10. The default is 6.

profile-password password

(Optional) The AAA server access password for MSID-based authentication. The default is "cisco".

Defaults

MSID authentication is disabled. When enabled, the default values are as follows:

•imsi: 5

•irm: 4

•min: 6

•profile-password: cisco

Command Modes

Global Configuration.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(2)XC

The profile-password keyword was added.

12.2(8)ZB1

The close-session-on-failure keyword was added

Usage Guidelines

MSID authentication provides Simple IP service for mobile stations that do not negotiate CHAP or PAP. Cisco PDSN retrieves a network profile based on the MSID from the RADIUS server. The network profile should include the internet realm of the home network that owns the MSID. Cisco PDSN constructs the NAI from the MSID and the realm. The constructed NAI is used in generated accounting records. If the PDSN is unable to obtain the realm, then it denies service to the mobile station.

The identifier used to retrieve the network profile from the RADIUS server depends on the format of the MSID, which can be one of the following:

•International Mobile Station Identity (IMSI)

•Mobile Identification Number (MIN)

•International Roaming MIN (IRM)

If the mobile station uses IMSI, the default identifier that PDSN uses to retrieve network profile is of the form "IMSI-nnnnn" where "nnnnn" is the first five digits of the IMSI. The number of digits from the IMSI to be used can be configured using the command cdma pdsn msid-authentication imsi.

If the mobile station uses MIN, the default identifier that PDSN uses to retrieve network profile is of the form "MIN-nnnnnn" where "nnnnnn" is the first six digits of the MIN. The number of digits from the MIN to be used can be configured using the command cdma pdsn msid-authentication min.

If the mobile station uses IRM, the default identifier that PDSN uses to retrieve network profile is of the form "IRM-nnnn" where "nnnn" is the first four digits of the IRM. The number of digits from the IRM to be used can be configured using the command cdma pdsn msid-authentication irm.

The realm should be defined in the network profile on the RADIUS user with the Cisco AVPair attribute cdma:cdma-realm.

Examples

The following example shows how to enable MSID-based authentication and access:

cdma pdsn msid-authentication profile-password test1

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

cdma pdsn multiple service-flows

To enable the Multiple flow support feature, use the cdma pdsn multiple service-flows command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn multiple service-flows [maximumnumber]

no cdma pdsn multiple service-flows [maximumnumber]

Syntax Description

Command

Description

maximumnumber

Defines the maximum number of auxiliary A10s that can be created between the PDSN and the PCF. The default number of auxiliary A10s allowed is 7.

Defaults

The default number of auxiliary A10s allowed is 7. Main A10 also should be included here.

Command Modes

Global configuration mode.

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Usage Guidelines

Configure the cdma pdsn multiple service-flows command on the controller PDSN (no need for maximum number of connections).

Examples

The following example shows how to enable the cdma pdsn multiple service-flows command:

)# cdma pdsn multiple service-flows ?

maximum Maximum limit

qos Configure qos parameters

<cr>

Router# cdma pdsn multiple service-flows

Router# cdma pdsn multiple service-flows maximum 8

cdma pdsn multiple service-flows qos remark-dscp

To configure the DSCP remark value used for marking data packets, use the cdma pdsn multiple service-flows qos remark-dscp command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn multiple service-flows qos remark-dscp value

no cdma pdsn multiple service-flows qos remark-dscp value

Syntax Description

Command

Description

value

Used for marking when the data packets from the mobile towards the internet is determined to have the DSCP not within the allowed dscp value for that mobile

Command Default

There are no default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Usage Guidelines

This command configures the DSCP remark value used for marking when the data packets from the mobile towards the internet are determined to have a DSCP value that is not within the allowed DSCP values for that mobile. Here are the values:

Router# cdma pdsn multiple service-flows qos remark-dscp ?

AF11 AF11

AF12 AF12

AF13 AF13

AF21 AF21

AF22 AF22

AF23 AF23

AF31 AF31

AF32 AF32

AF33 AF33

AF41 AF41

AF42 AF42

AF43 AF43

Default Selector Class 0

EF EF

class1 Selector Class 1

class2 Selector Class 2

class3 Selector Class 3

class4 Selector Class 4

class5 Selector Class 5

class6 Selector Class 6

class7 Selector Class 7

Examples

The following example shows how to enable the cdma pdsn multiple service-flows qos remark-dscp command:

Router# cdma pdsn multiple service-flows qos remark-dscp AF11

cdma pdsn multiple service-flows qos remark-maxclass

To map the Differentiated Services Code Point (DSCP) value of the unauthorized packet (upstream) to a DSCP value on per-user basis, use the cdma pdsn multiple service-flows qos remark-maxclass command in global configuration mode. Use the no form of the command to disable this feature.

This command enables PDSN to map the DSCP value of the packet to the max-class value that is either downloaded from AAA or configured locally.

cdma pdsn multiple service-flows qos remark-maxclass

no cdma pdsn multiple service-flows qos remark-maxclass

Syntax Description

There are no keywords or arguments for this command.

Command Default

There are no default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn multiple service-flows qos remark-maxclass command:

Router(config)# cdm pds multiple service-flows qos remark-maxclass

cdma pdsn multiple service-flows qos subscriber profile

To configure the local subscriber qos profile, use the cdma pdsn multiple service-flows qos subscriber profile command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn multiple service-flows qos subscriber profile

no cdma pdsn multiple service-flows qos subscriber profile

Syntax Description

There are no keywords or arguments for this command.

Command Default

There are no default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Usage Guidelines

This profile is used for a MN when the Subscriber QoS profile is not downloaded from AAA.

Examples

The following example shows how to enable the cdma pdsn multiple service-flows qos subscriber profile command:

Router(config)# cdm pds multiple service-flows qos subscriber profile

Router(config-qos-profile)#

Eg:

cdma pdsn multiple service-flows qos subscriber profile

cdma pdsn pcf

To enable sending of vendor specific attributes in subscriber QoS profile based on the PCF, use the cdma pdsn pcf ip-address command in global configuration mode. Use the no form of the command to disable this feature.

Syntax Description

Defaults

The default value is that the home area attribute is not sent to the PCF.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XN

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn pcf command to configure vendor-id for a set of PCFs:

Router (config)# cdma pdsn pcf10.1.1.1 10.1.1.50 vendor-id 3729

cdma pdsn qos policy flow-only

To enable flow-based policy, use the cdma pdsn qos policy flow-only command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn qos policy flow-only

no cdma pdsn qos policy flow-only

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdmapdsnqos policy flow-only command:

Router(config)# cdma pdsn qos policy flow-only

cdma pdsn radius disconnect

To enable support for Radius Disconnect on the Cisco PDSN, use the cdma pdsn radius disconnect command in Global configuration. Use the no form of the command to disable this feature.

cdma pdsn radius disconnect [nai]

no cdma pdsn radius disconnect [nai]

Syntax Description

nai

(Optional) Indicates whether to enable processing of Disconnect Request received with only the NAI attribute.

Defaults

By default the PDSN does not process a Disconnect Request received with only the nai attribute.

Command Modes

Global Configuration

Command History

Release

Modification

12.3(11)YF

This command was introduced.

Usage Guidelines

By default the PDSN does not process a Disconnect Request received with only NAI attribute. In a Service provider environment all simple IP sessions can be opened with the same user-name (and in case of Resource Management for sessions), therefore, a session identification attribute is sent in Disconnect Request. Additionally, the overhead to maintain tables relating sessions and NAI can be avoided in such cases.

But if the PDSN can receive a Disconnect Request with only an NAI attribute in a particular environment, then nai keyword should be configured.

This configuration sets the Session Termination Capability VSA value to 1. The presence of other feature configurations (like MIP Revocation) can alter that value.

Examples

The following example shows how to enable the cdmapdsnradius disconnect command:

Router(config)#cdma pdsn radius disconnect nai

cdma pdsn redirect imsi

To perform IMSI redirection on a standalone PDSN, use the cdma pdsn redirect imsi command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn redirect imsi IMSI ending IMSI member Member-IP

no cdma pdsn redirect imsi IMSI

Syntax Description

IMSI

Indicates the single or starting IMSI value.

Ending IMSI

Indicates the ending IMSI value.

Member-IP

Indicates the redirected PDSN IP address.

Defaults

No default keywords or arguments.

Command Modes

Global configuration

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Usage Guidelines

You can configure the command for a single or a range of IMSI values. If both the values in the range are equal, then the command takes only the single IMSI value. If you enable the cdma pdsn imsi-min-equivalence command, only lower10 digits of the configured IMSI values are used effectively for the IMSI redirection.

Examples

The following example shows how to configure IMSI redirection for a Standalone PDSN for a range of IMSIs:

cdma pdsn redundancy

To enable the active PDSN to synchronize the session and flow related data to its standby peer, use the cdma pdsn redundancy command in global configuration mode. Use the no form of the command to disable this function.

cdma pdsn redundancy

no cdma pdsn redundancy

Syntax Description

There are no arguments or keywords for this command.

Defaults

The default setting is that PDSN redundancy is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn redundancy command:

Router (config)# cdma pdsn redundancy

cdma pdsn redundancy accounting send vsa swact

To send the Cisco VSA (cdma-rfswact) in first interim/stop record after switchover, use the cdma pdsn redundancy accounting send vsa swact command in Global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn redundancy accounting send vsa swact

no cdma pdsn redundancy accounting send vsa swact

Syntax Description

There are no keywords or arguments for this command.

Defaults

By default, this command is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX

This command was introduced.

Usage Guidelines

After a switchover takes place, the first interim or stop accounting record (as appropriate) includes a VSA (cdma-rfswact) indicating that a switchover has occurred. The inclusion of this VSA is controllable through this CLI.

If periodic syncing is enabled, you cannot configure the cdma pdsn redundancy accounting send vsa swact command, and vice-versa, as the two approaches are mutually exclusive.

Note Neither the cdma pdsn redundancy accounting send vsa swact command, or periodic syncing can be configured if the cdma pdsn redundancy command is not configured.

Examples

The following example shows how to enable the cdma pdsn redundancy accounting send vsa swact command:

Router(config)# cdma pdsn redundancy accounting send vsa swact

cdma pdsn redundancy accounting update-periodic

To enable the active PDSN to periodically synchronize accounting counters, and to synch accounting information between the active and standby in Session Redundancy environment, use the cdma pdsn redundancy accounting update-periodic command in global configuration mode. To disable this feature, use the no form of the command.

cdma pdsn redundancy accounting [update-periodic]

no cdma pdsn redundancy accounting[update-periodic]

Syntax Description

update-periodic

Syncs the G1/G2 and Packets In/Out with interim AAA updates, and closes the session if authorization fails.

Defaults

By default, this command is disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.3(14)YX

This command was introduced.

Usage Guidelines

When configured, the byte and packet counts for each flow are synced from the active to the standby unit (only if they undergo a change) at the configured periodic accounting interval (using aaa accounting update periodicxxx). If periodic accounting is not configured, the byte and packet counts are not synced.

Examples

The following example shows how to enable the cdma pdsn redundancy accounting update-periodic command:

Router(config)# cdma pdsn redundancy accounting update-periodic

cdma pdsn retransmit a11-update

To specify the maximum number of times an A11 Registration Update message is retransmitted, use the cdma pdsn retransmit a11-update command in global configuration mode. To return to the default of 5 retransmissions, use the no form of this command.

cdma pdsn retransmit a11-update number

no cdma pdsn retransmit a11-update

Syntax Description

number

Maximum number of times an A11 Registration Update message is retransmitted. Possible values are 0 through 9. The default is 5 retransmissions.

Defaults

5 retransmissions.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

PDSN may initiate the release of an A10 connection by sending an A11 Registration Update message to the PCF. In this case, the PCF is expected to send an A11 Registration Acknowledge message followed by an A11 Registration Request with Lifetime set to 0. If PDSN does not receive an A11 Registration Acknowledge or an A11 Registration Request with Lifetime set to 0, or if it receives an A11 Registration Acknowledge message with an update denied status, PDSN retransmits the A11 Registration Update. The number of retransmissions is 5 by default and can be modified using this command.

Examples

The following example shows how to set 9 as the maximum number of times for A11 Registration Update messages to be retransmitted:

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

The SPI is the 4-byte index that selects the specific security parameters to be used to authenticate the peer. The security parameters consist of the authentication algorithm and mode, replay attack protection method, timeout, and IP address.

Examples

The following example shows how to set a security association for a cluster of PDSNs:

cdma pdsn secure pcf

To configure the security association for one or more PCFs or the default security association for all PCFs, use the cdma pdsn secure pcf command. To remove this configuration, use the no form of the command.

Adds local timezone support for R-P messages. If this keyword is enabled, the timestamp sent in the R-P messages displays the timestamp of the local timezone.

Defaults

There are no default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.2(8)BY1

The local-timezone keyword was added.

Usage Guidelines

The SPI is the 4-byte index that selects the specific security parameters to be used to authenticate the peer. The security parameters consist of the authentication algorithm and mode, replay attack protection method, timeout, and IP address.

You can configure several explicit and default secure PCF entries. (An explicit entry being one in which the IP address of a PCF is specified.) When the PDSN receives an A11 message from a PCF, it attempts to match the message to a secure PCF entry as follows:

•The PDSN first checks the explicit entries and attempts to find a match based on the SPI value and the key.

•If a match is found, the message is accepted. If no match is found, the PDSN checks the default entries (again attempting to match the SPI and the key).

•If a match is found, the message is accepted. If no match is found, the message is discarded and an error message is generated.

When the PDSN receives a request from a PCF, it performs an identity check. As part of this check, the PDSN compares the timestamp of the request to its own local time and determines whether the difference is within a specified range. This range is determined by the replay time window. If the difference between the timestamp and the local time is not within this range, a request rejection message is sent back to the PCF along with the value of PDSN's local time.

Examples

The following example shows PCF 20.0.0.1, which has a key that is generated by the MD5 hash of the string:

cdma pdsn selection interface

To configure the interface used to send and receive PDSN selection messages, use the cdma pdsn selection interface command in global configuration mode. To remove the configuration, use the no form of the command.

cdma pdsn selection interface interface_name

no cdma pdsn selection interface

Syntax Description

interface_name

Name (type and number) of the interface that is connected to the LAN to be used to exchange PDSN selection messages with the other PDSNs in the cluster.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

Each PDSN in a cluster maintains information about the mobile stations connected to the other PDSNs in the cluster. All PDSNs in the cluster exchange this information using periodic multicast messages. For this reason, all PDSNs in the cluster should be connected to a shared LAN.

This command identifies the interface on the PDSN that is connected to the LAN used for sending and receiving PDSN selection messages.

The Intelligent PDSN Selection feature does not work if you do not configure this interface on each PDSN in the cluster.

Examples

The following example shows how to set FastEthernet0/1 interface for sending and receiving PDSN selection messages:

cdma pdsn selection interface FastEthernet0/1

Related Commands

Command

Description

cdma pdsn selection keepalive

Specifies the keepalive time.

cdma pdsn selection load-balancing

Enables the load-balancing function of the intelligent PDSN selection feature.

cdma pdsn selection session-table-size

Defines the size of the selection session database.

cdma pdsn selection keepalive

To configure the intelligent PDSN selection keepalive feature, use the cdma pdsn selection keepalive command in global configuration mode. To disable the feature, use the no form of this command.

cdma pdsn selection keepalive value

no cdma pdsn selection keepalive

Syntax Description

value

The keepalive value, in seconds. Possible values are 5 through 60.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how to configure a keepalive value of 200 seconds:

cdma pdsn selection keepalive 200

Related Commands

Command

Description

cdma pdsn selection load-balancing

Enables the load-balancing function of the intelligent PDSN selection feature.

cdma pdsn selection session-table-size

Defines the size of the selection session database.

show cdma pdsn selection

Displays the PDSN selection session table.

cdma pdsn selection load-balancing

To enable the load-balancing function of the intelligent PDSN selection feature, use the cdma pdsn selection load-balancing command in global configuration mode. To disable the load-balancing function, use the no form of this command.

cdma pdsn selection load-balancing [threshold val [alternate]]

no cdma pdsn selection load-balancing

Syntax Description

threshold val

(Optional) The maximum number of sessions that can be load-balanced. Possible values are 1 through 20000. The default session threshold is 100.

alternate

(Optional) The Alternate option alternately suggests two other PDSNs with the least load.

Defaults

The threshold value is 100 sessions.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(8)BY

The maximum number of sessions that can be load-balanced was raised to 20000.

Usage Guidelines

You must enable PDSN selection session-table-size first. If sessions in a PDSN go beyond the threshold, PDSN selection redirects the PCF to the PDSN that has less of a load.

Examples

The following example shows how to configure load-balancing with an advertisement interval of 2 minutes and a threshold of 50 sessions:

cdma pdsn selection load-balancing advertisement 2 threshold 50

Related Commands

Command

Description

cdma pdsn selection session-table-size

Defines the size of the selection session database.

show cdma pdsn session

Displays PDSN session information.

cdma pdsn selection session-table-size

In PDSN selection, a group of PDSNs maintains a distributed session database. To define the size of the database, use the cdma pdsn selection session-table-size command in global configuration mode. To disable PDSN selection, use the no form of this command.

cdma pdsn selection session-table-size size

no cdma pdsn selection session-table-size

Syntax Description

size

Session table size. Possible values are 2000 through 100000.

Defaults

PDSN selection is disabled.

The default session table size is undefined.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how to set the size of the distributed session database to 5000 sessions:

cdma pdsn selection session-table-size 5000

Related Commands

Command

Description

cdma pdsn selection load-balancing

Enables the load-balancing function of PDSN selection.

show cdma pdsn session

Displays PDSN session information.

cdma pdsn send-agent-adv

To enable agent advertisements to be sent over a newly formed PPP session with an unknown user class that negotiates IPCP address options, use the cdma pdsn send-agent-adv command in global configuration mode. To disable the sending of agent advertisements, use the no form of this command.

cdma pdsn send-agent-adv

no cdma pdsn send-agent-adv

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

This command is used with multiple flows.

Examples

The following example shows how to enable agent advertisements to be sent:

cdma pdsn send-agent-adv

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

cdma pdsn sm add mobile route

Host routes for mobiles are added to the TCOPs except in the case of single IP mobiles, where, the ARP request for the mobile IP address lands on the PCOP.

To configure the PCOP to respond to the ARP requests, use cdma pdsn sm add mobile route command in configuration mode. To disable the command, use the no form of this command.

cdma pdsn sm add mobile route

no cdma pdsn sm add mobile route

The command installs the host route for the mobile on the PCOP when the flow comes up and deletes the host route whenever the flow goes down. The command is needed only in cases where routes are not added to the Supervisor of the mobiles which connects through Simple IP calls.

Syntax Description

This command has no arguments or keywords.

Defaults

By default, this command is not configured.

Command Modes

Configuration Mode.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn sm add mobile route command:

cdma pdsn tft persistent-check

To check, before installing TFT, the 3GPP2 attribute Type 89 (cdma-num-persistence) downloaded from AAA, configure the cdma pdsn tft persistent-check command in global configuration mode. To disable the command, use the no form of this command.

cdma pdsn tft persistent-check

no cdma pdsn tft persistent-check

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Global Configuration.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn ft persistent-check command:

Router(config)# cdma pdsn tft persistent-check

cdma pdsn tft reject include error extension

To include the error extension in the reject message whenever a TFT is rejected, use the cdma pdsn tft rejectincludeerrorextension command in global configuration mode. Use the no form of the command to disable this feature.

cdma pdsn tft rejectincludeerrorextension

no cdma pdsn tft rejectincludeerrorextension

Syntax Description

There are no keywords or arguments for this command.

Defaults

There are no default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.4xx

This command was introduced.

Examples

The following example shows how to enable the cdma pdsn tft reject include error extension command:

cdma pdsn tft ?

reject Configure CDMA PDSN TFT reject

cdma pdsn tft reject ?

include Configure CDMA PDSN TFT reject include

cdma pdsn tft reject include ?

error Configure CDMA PDSN TFT reject include error

cdma pdsn tft reject include error ?

extension Configure CDMA PDSN TFT reject include error extension

cdma pdsn tft reject include error extension ?

cdma pdsn timeout

To configure a variety of message timeouts, use the cdma pdsn timeout command in global configuration mode. To disable any of these message timeouts, use the no form of this command.

Defaults

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.3(14)YF

The close-rp keyword was added.

Usage Guidelines

PDSN may initiate the release of an A10 connection by sending an A11 Registration Update message to the PCF. In this case, the PCF is expected to send an A11 Registration Acknowledge message followed by an A11 Registration Request with Lifetime set to 0. If PDSN does not receive an A11 Registration Acknowledge or an A11 Registration Request with Lifetime set to 0, PDSN times out and retransmits the A11 Registration Update. The default timeout is 1 second and can be modified using this command.

Examples

The following example shows how to set the timeout value for A11 Registration Update message to 5 seconds:

PDSN(config)#cdma pdsn timeout airlink-start 5 ?

close-rp Close RP session if airlink start timeout occurs

initiate-ppp Initiate PPP negotiation if airlink start timeout occurs

PDSN(config)#cdma pdsn timeout airlink-start 5 ini

PDSN(config)#cdma pdsn timeout airlink-start 5 initiate-ppp ?

<cr>

PDSN(config)#cdma pdsn timeout airlink-start 5 clo

PDSN(config)#cdma pdsn timeout airlink-start 5 close-rp ?

Related Commands

Command

Description

cdma pdsn retransmit a11-update

Specifies the maximum number of times an A11 Registration Update message are retransmitted.

cdma pdsn timeout mobile-ip-registration

To set the timeout value before which Mobile IP registration should occur for a user skipping the PPP authentication, use the cdma pdsn timeout mobile-ip-registration command in global configuration mode. To return to the default 5-second timeout, use the no version of the command.

cdma pdsn timeout mobile-ip-registration timeout

no cdma pdsn timeout mobile-ip-registration

Syntax Description

timeout

Time, in seconds. Possible values are 1 through 60. The default is 5 seconds.

Defaults

5 seconds.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

A CDMA data user using Mobile IP skips authentication and authorization during PPP and performs those tasks through Mobile IP registration. In order to secure the network, the traffic is filtered. The only packets allowed through the filter are the Mobile IP registration messages. As an additional protection, if the Mobile IP registration does not happen within a defined time, the PPP link is terminated.

Examples

The following example shows how to set the timeout value for Mobile IP registration to 15 seconds:

cdma pdsn mobile-ip-timeout 15

Related Commands

Command

Description

show cdma pdsn

Displays the current status and configuration of the PDSN gateway.

show ip mobile interface

Displays information about interfaces that are providing FA service or are home links for mobile stations.

cdma pdsn virtual-template

To associate a virtual template with PPP over GRE, use the cdma pdsn virtual-template command in global configuration mode. To remove the association, use the no form of this command.

cdma pdsn virtual-template virtualtemplate_num

no cdma pdsn virtual-template virtualtemplate_num

Syntax Description

virtualtemplate_num

Virtual template number. Possible values are 1 through 25.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

PPP links are dynamically created. Each link requires an interface. The characteristics of each link are cloned from a virtual template. Because there can be multiple virtual templates defined in a single PDSN, this command is used to identify the virtual template that is used for cloning virtual accesses for PPP over GRE.

Examples

The following example shows how to associate virtual template 2 with PPP over GRE:

cdma pdsn virtual-template 2

Related Commands

Command

Description

interface virtual-template

Creates a virtual template interface.

clear cdma pdsn cluster controller session record age

To clear session records of a specified age, use the clear cdma pdsn cluster controller session record age command in privileged EXEC mode.

clear cdma pdsn cluster controller session recordagedays

Syntax Description

days

The number of days of the record age.

Defaults

No default keywords or arguments.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(8)BY

This command was introduced.

Examples

The following example shows how to enable the clear cdma pdsn cluster controller session recordagecommand:

Command Modes

Command History

Usage Guidelines

This command terminates one or more user sessions. When this command is issued, the PDSN initiates the session release by sending an A11Registration Update message to the PCF.

The keyword all clears all sessions on a given PDSN. The keyword pcf with an IP address clears all the sessions coming from a given PCF. The keyword msid with a number clears the session for a given MSID.

Examples

The following example shows how to clear session MSID 0000000002:

clear cdma pdsn session msid 0000000002

clear cdma pdsn statistics

To clear the RAN-to-PDSN interface (RP) or PPP statistics on the PDSN, use the clear cdma pdsn statistics command in privileged EXEC mode.

clear cdma pdsn statistics

Syntax Description

There are no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(8)BY

This command was introduced.

Usage Guidelines

Previous releases used the show cdma pdsn statistics command to show PPP and RP statistic summaries from the time the system was restarted. The clear cdma pdsn statistics command allows the user to reset the counters as desired, and to view the history since the counters were last reset.

Examples

The following example shows how to enable the clear cdma pdsn statisticsrp command before and after the counters are reset.

Before counters are reset

Router#show cdma pdsn statistics rp

RP Interface:

Reg Request rcvd 5, accepted 5, denied 0, discarded 0

Note Non-zero values of counters.

Initial Reg Request accepted 4, denied 0

Re-registration requests accepted 0, denied 0

De-registration accepted 1, denied 0

Registration Request Errors:

Unspecified 0, Administratively prohibited 0

Resource unavailable 0, Authentication failed 0

Identification mismatch 0, Poorly formed requests 0

Unknown PDSN 0, Reverse tunnel mandatory 0

Reverse tunnel unavailable 0, Bad CVSE 0

Update sent 1, accepted 1, denied 0, not acked 0

Initial Update sent 1, retransmissions 0

Acknowledge received 1, discarded 0

Update reason lifetime expiry 0, PPP termination 1, other 0

Registration Update Errors:

Unspecified 0, Identification mismatch 0

Authentication failed 0, Administratively prohibited 0

Poorly formed request 0

Service Option:

asyncDataRate2 (12) success 4, failure 0

After the counters are reset

Router#clear cdma pdsn statistics rp

==> RESETTING COUNTERS

Router#show cdma pdsn statistics rp

RP Interface:

Reg Request rcvd 0, accepted 0, denied 0, discarded 0

Note The counter values are zeroes.

Initial Reg Request accepted 0, denied 0

Re-registration requests accepted 0, denied 0

De-registration accepted 0, denied 0

Registration Request Errors:

Unspecified 0, Administratively prohibited 0

Resource unavailable 0, Authentication failed 0

Identification mismatch 0, Poorly formed requests 0

Unknown PDSN 0, Reverse tunnel mandatory 0

Reverse tunnel unavailable 0, Bad CVSE 0

Update sent 0, accepted 0, denied 0, not acked 0

Initial Update sent 0, retransmissions 0

Acknowledge received 0, discarded 0

Update reason lifetime expiry 0, PPP termination 0, other 0

Registration Update Errors:

Unspecified 0, Identification mismatch 0

Authentication failed 0, Administratively prohibited 0

Poorly formed request 0

Service Option:

asyncDataRate2 (12) success 4, failure 0

Related Commands

Command

Description

show cdma pdsn statistics

Displays PDSN statistics.

clear ip mobile

To clear various IP Mobile information, use the clear ip mobile EXEC command.

Syntax Description

(Optional) IP address. If not specified, visitor information is removed for all addresses.

naistring

(Optional) Network access identifier of the mobile node.

Command Modes

EXEC

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The nai keyword and associated variables were added.

Usage Guidelines

The foreign agent creates a visitor entry for each accepted visitor. The visitor entry allows the mobile node to receive packets while in a visited network. Associated with the visitor entry is the ARP entry for the visitor. It is not needed to clear the entry because it expires after lifetime is reached or when the mobile node gets unregistered.

When a visitor entry is removed, the number of users on the tunnel is decremented and the ARP entry is removed from the ARP cache. The visitor is not notified.

Use this command with care because it may terminate any sessions used by the mobile node. After using this command, the visitor needs to reregister to continue roaming.

Examples

The following example shows how to use counters for debugging:

Router# show ip mobile traffic

IP Mobility traffic:

Advertisements:

Solicitations received 0

Advertisements sent 0, response to solicitation 0

Home Agent Registrations:

Register 8, Deregister 0 requests

Register 7, Deregister 0 replied

Accepted 6, No simultaneous bindings 0

Denied 1, Ignored 1

Unspecified 0, Unknown HA 0

Administrative prohibited 0, No resource 0

Authentication failed MN 0, FA 0

Bad identification 1, Bad request form 0

.

Router# clear ip mobile traffic

Router# show ip mobile traffic

IP Mobility traffic:

Advertisements:

Solicitations received 0

Advertisements sent 0, response to solicitation 0

Home Agent Registrations:

Register 0, Deregister 0 requests

Register 0, Deregister 0 replied

Accepted 0, No simultaneous bindings 0

Denied 0, Ignored 0

Unspecified 0, Unknown HA 0

Administrative prohibited 0, No resource 0

Authentication failed MN 0, FA 0

Bad identification 0, Bad request form 0

Related Commands

Command

Description

show ip mobile traffic

Displays protocol counters.

crypto map (global IPSec)

To enter crypto map configuration mode and create or modify a crypto map entry, to create a crypto profile that provides a template for configuration of dynamically created crypto maps, or to configure a client accounting list, use the crypto map command in global configuration mode. To delete a crypto map entry, profile, or set, use the no form of this command.

Note Issue the crypto mapmap-nameseq-num command without a keyword to modify an existing crypto map entry.

Syntax Description

map name

The name you assign to the crypto map set

seq-num

The number you assign to the crypto map entry.

ipsec-manual

Indicates that IKE is not used to establish the IPSec security associations for protecting the traffic specified by this crypto map entry.

ipsec-isakmp

Indicates that IKE is used to establish the IPSec security associations for protecting the traffic specified by this crypto map entry.

dynamic

(Optional) Specifies that this crypto map entry is to reference a preexisting dynamic crypto map. Dynamic crypto maps are policy templates used in processing negotiation requests from a peer IPSec device. If you use this keyword, none of the crypto map configuration commands is made available.

dynamic-map-name

(Optional) Specifies the name of the dynamic crypto map set that should be used as the policy template.

(Optional) Designates a crypto map as a configuration template. The security configurations of this crypto map is cloned as new crypto maps are created dynamically on demand.

profile-name

(Optional) Name of the crypto profile being created.

client-accounting- list

(Optional) Designates a client accounting list.

aaalist

(Optional) List name.

Defaults

No crypto maps exist.

Peer discovery is not enabled.

Command Modes

Global configuration. Using this command puts you into crypto map configuration mode, unless you use the dynamic keyword.

Command History

Release

Modification

11.2

This command was introduced.

11.3T

The following keywords and arguments were added:

•ipsec-manual

•ipsec-isakmp

•dynamic

•dynamic-map-name

12.0(5)T

The discover keyword was added to support Tunnel Endpoint Discovery (TED).

12.2(4)T

The profileprofile-name keyword and argument combination was introduced to allow the generation of a crypto map profile that is cloned to create dynamically created crypto maps on demand.

12.2(11)T

Support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.

12.2(15)T

The client-accounting-list keyword and aaalist argument were added.

Usage Guidelines

Use this command to create a new crypto map entry, to create a crypto map profile, or to modify an existing crypto map entry or profile.

After a crypto map entry has been created, you cannot change the parameters specified at the global configuration level because these parameters determine which of the configuration commands are valid at the crypto map level. For example, after a map entry has been created using the ipsec-isakmp keyword, you cannot change it to the option specified by the ipsec-manual keyword; you must delete and reenter the map entry.

After you define crypto map entries, you can assign the crypto map set to interfaces using the crypto map (interface IPSec) command.

Crypto Map Functions

Crypto maps provide two functions: filtering and classifying traffic to be protected and defining the policy to be applied to that traffic. The first use affects the flow of traffic on an interface; the second affects the negotiation performed (using IKE) on behalf of that traffic.

IPSec crypto maps define the following:

•What traffic should be protected

•To which IPSec peers the protected traffic can be forwarded—these are the peers with which an SA can be established

•Which transform sets are acceptable for use with the protected traffic

•How keys and security associations should be used or managed (or what the keys are, if IKE is not used)

Multiple Crypto Map Entries with the Same Map Name Form a Crypto Map Set

A crypto map set is a collection of crypto map entries, each with a different seq-num argument but the same map-name argument. Therefore, for a given interface, you could have certain traffic forwarded to one IPSec peer with specified security applied to that traffic and other traffic forwarded to the same or a different IPSec peer with different IPSec security applied. To accomplish differential forwarding you would create two crypto maps, each with the same map-name argument, but each with a different seq-num argument. Crypto profiles must have unique names within a crypto map set.

Sequence Numbers

The number you assign to the seq-num argument should not be arbitrary. This number is used to rank multiple crypto map entries within a crypto map set. Within a crypto map set, a crypto map entry with a lower seq-num is evaluated before a map entry with a higher seq-num; that is, the map entry with the lower number has a higher priority.

For example, consider a crypto map set that contains three crypto map entries: mymap 10, mymap 20, and mymap 30. The crypto map set named "mymap" is applied to serial interface 0. When traffic passes through serial interface 0, the traffic is evaluated first for mymap 10. If the traffic matches any access list permit statement entry in the extended access list in mymap 10, the traffic is processed according to the information defined in mymap 10 (including establishing IPSec SAs when necessary). If the traffic does not match the mymap 10 access list, the traffic is evaluated for mymap 20, and then mymap 30, until the traffic matches a permit entry in a map entry. (If the traffic does not match a permit entry in any crypto map entry, it is forwarded without any IPSec security.)

Dynamic Crypto Maps

Refer to the "Usage Guidelines" section of the crypto dynamic-map command for a discussion on dynamic crypto maps.

Crypto map entries that reference dynamic map sets should be the lowest priority map entries, allowing inbound SA negotiation requests to try to match the static maps first. Only after the request does not match any of the static maps, do you want it to be evaluated against the dynamic map set.

To make a crypto map entry referencing a dynamic crypto map set the lowest priority map entry, give the map entry the highest seq-num of all the map entries in a crypto map set.

Create dynamic crypto map entries using the crypto dynamic-map command. After you create a dynamic crypto map set, add the dynamic crypto map set to a static crypto map set with the crypto map (global IPSec) command using the dynamic keyword.

TED

TED is an enhancement to the IPSec feature. Defining a dynamic crypto map allows you to dynamically determine an IPSec peer; however, only the receiving router has this ability. With TED, the initiating router can dynamically determine an IPSec peer for secure IPSec communications.

Dynamic TED helps to simplify IPSec configuration on the individual routers within a large network. Each node has a simple configuration that defines the local network that the router is protecting and the IPSec transforms that are required.

Note TED helps only in discovering peers; otherwise, TED does not function any differently from normal IPSec. Thus, TED does not improve the scalability of IPSec (in terms of performance or the number of peers or tunnels).

Crypto Map Profiles

Crypto map profiles are created using the profileprofile-name keyword and argument combination. Crypto map profiles are used as configuration templates for dynamically creating crypto maps on demand for use with the Layer 2 Transport Protocol (L2TP) Security feature. The relevant Security Associations (SA) of the crypto map profile are cloned and used to protect IP traffic on the L2TP tunnel.

Note The setpeer and match address commands are ignored by crypto profiles and should not be configured in the crypto map definition.

Examples

The following example shows the minimum required crypto map configuration when IKE is used to establish the security associations:

Router# crypto map mymap 10 ipsec-isakmp

match address 101

set transform-set my_t_set1

set peer 10.0.0.1

The following example shows the minimum required crypto map configuration when the security associations are manually established:

Router# crypto transform-set someset ah-md5-hmac esp-des

crypto map mymap 10 ipsec-manual

match address 102

set transform-set someset

set peer 10.0.0.5

set session-key inbound ah 256 98765432109876549876543210987654

set session-key outbound ah 256 fedcbafedcbafedcfedcbafedcbafedc

set session-key inbound esp 256 cipher 0123456789012345

set session-key outbound esp 256 cipher abcdefabcdefabcd

The following example shows how to configure an IPSec crypto map set that includes a reference to a dynamic crypto map set.

Crypto map "mymap 10" allows security associations to be established between the router and either (or both) of two remote IPSec peers for traffic matching access list 101. Crypto map "mymap 20" allows either of two transform sets to be negotiated with the remote peer for traffic matching access list 102.

Crypto map entry "mymap 30" references the dynamic crypto map set "mydynamicmap," which can be used to process inbound security association negotiation requests that do not match "mymap" entries 10 or 20. In this case, if the peer specifies a transform set that matches one of the transform sets specified in "mydynamicmap," for a flow "permitted" by the access list 103, IPSec accepts the request and set up security associations with the remote peer without previously knowing about the remote peer. If accepted, the resulting security associations (and temporary crypto map entry) are established according to the settings specified by the remote peer.

The access list associated with "mydynamicmap 10" is also used as a filter. Inbound packets that match a permit statement in this list are dropped for not being IPSec protected. (The same is true for access lists associated with static crypto maps entries.) Outbound packets that match a permit statement without an existing corresponding IPSec SA are also dropped.

Router# crypto map mymap 10 ipsec-isakmp

match address 101

set transform-set my_t_set1

set peer 10.0.0.1

set peer 10.0.0.2

crypto map mymap 20 ipsec-isakmp

match address 102

set transform-set my_t_set1 my_t_set2

set peer 10.0.0.3

crypto map mymap 30 ipsec-isakmp dynamic mydynamicmap

!

crypto dynamic-map mydynamicmap 10

match address 103

set transform-set my_t_set1 my_t_set2 my_t_set3

The following example shows how to configure Tunnel Endpoint Discovery on a Cisco router:

Router# crypto map testtag 10 ipsec-isakmp dynamic dmap discover

The following example shows how to configure a crypto profile to be used as a template for dynamically created crypto maps when IPSec is used to protect an L2TP tunnel:

Router# crypto map l2tpsec 10 ipsec-isakmp profile l2tp

crypto map local-address

To specify and name an identifying interface to be used by the crypto map for IPSec traffic, use the crypto map local-address command in global configuration mode. To remove this command from the configuration, use the no form of this command.

crypto map map-name local-address interface-id

no crypto map map-name local-address interface-id

Syntax Description

map-name

Name that identifies the crypto map set. This is the name assigned when the crypto map was created.

interface-id

The identifying interface that should be used by the router to identify itself to remote peers.

If Internet Key Exchange is enabled and you are using a certification authority (CA) to obtain certificates, this should be the interface with the address specified in the CA certificates

Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release

Modification

11.3T

This command was introduced.

Usage Guidelines

If you apply the same crypto map to two interfaces and do not use this command, two separate security associations (with different local IP addresses) could be established to the same peer for similar traffic. If you are using the second interface as redundant to the first interface, it could be preferable to have a single security association (with a single local IP address) created for traffic sharing the two interfaces. Having a single security association decreases overhead and makes administration simpler.

This command allows a peer to establish a single security association (and use a single local IP address) that is shared by the two redundant interfaces.

If applying the same crypto map set to more than one interface, the default behavior is as follows:

•Each interface has its own security association database.

•The IP address of the local interface is used as the local address for IPSec traffic originating from/destined to that interface.

However, if you use a local-address for that crypto map set, it has multiple effects:

•Only one IPSec security association database is established and shared for traffic through both interfaces.

•The IP address of the specified interface is used as the local address for IPSec (and IKE) traffic originating from or destined to that interface.

One suggestion is to use a loopback interface as the referenced local address interface, because the loopback interface never goes down.

Examples

The following example shows how to assign crypto map set "mymap" to the S0 interface and to the S1 interface. When traffic passes through either S0 or S1, the traffic is evaluated against all the crypto maps in the "mymap" set. When traffic through either interface matches an access list in one of the "mymap" crypto maps, a security association is established. This same security association is then applied to both S0 and S1 traffic that matches the originally matched IPSec access list. The local address that IPSec uses on both interfaces is the IP address of interface loopback0.

interface S0

crypto map mymap

interface S1

crypto map mymap

crypto map mymap local-address loopback0

debug cdma pdsn a10 ahdlc

To display debug messages for AHDLC, use the debug cdma pdsn a10 ahdlc command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn a10 ahdlc [errors | events]

no debug cdma pdsn a10 ahdlc [errors | events]

Syntax Description

errors

(Optional) Displays details of AHDLC packets in error.

events

(Optional) Displays AHDLC events.

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.2(8)BY

Keywords were made optional.

Examples

The following example shows how to enable the debug cdma pdsn a10 ahdlc command:

Router# debug cdma pdsn a10 ahdlc errors

ahdlc error packet display debugging is on

Router# debug cdma pdsn a10 ahdlc events

ahdlc events display debugging is on

Router#

*Jan 1 00:18:30:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up

*Jan 1 00:18:30:*****OPEN AHDLC*****

*Jan 1 00:18:30: ahdlc_mgr_channel_create

*Jan 1 00:18:30: ahdlc_mgr_allocate_available_channel:

*Jan 1 00:18:30:ahdlc:tell h/w open channel 9 from engine 0

debug cdma pdsn a10 gre

To display debug messages for A10 GRE interface errors, events, and packets, use the debug cdma pdsn a10 gre command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn a10 gre [errors | events | packets] [tunnel-keykey]

no debug cdma pdsn a10 gre [errors | events | packets]

Syntax Description

errors

(Optional) Displays A10 GRE errors.

events

(Optional) Displays A10 GRE events.

packets

(Optional) Displays transmitted or received A10 GRE packets.

tunnel-keykey

(Optional) Specifies the GRE key.

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(8)BY

The tunnel-key parameter was added and the existing keywords were made optional.

Examples

The following example shows how to enable the debug cdma pdsn a10 gre events tunnel-key command:

debug cdma pdsn a10 ppp

To display debug messages for A10 PPP interface errors, events, and packets, use the debug cdma pdsn a10 gre command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn a10 ppp [errors | events | packets]

no debug cdma pdsn a10 ppp [errors | events | packets]

Syntax Description

errors

(Optional) Displays A10 PPP errors.

events

(Optional) Displays A10 PPP events.

packets

(Optional) Displays transmitted or received A10 PPP packets.

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(8)BY

Keywords were made optional.

Examples

The following example shows how to enable the debug cdma pdsn a10 ppp command:

debug cdma pdsn accounting raa

To display debug messages for remote address accounting errors and events, use the debug cdma pdsn accounting raa events and debugcdma pdsn accounting raa errors commands in privileged EXEC mode respectively. To disable debug messages, use the no form of the commands.

debug cdma pdsn accounting raa events

debug cdma pdsn accounting raa errors

no debug cdma pdsn accounting raa events

no debug cdma pdsn accounting raa errors

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn accounting raa events command:

PDSN# debug cdma pdsn accounting raa ?

errors CDMA PDSN RAA errors

events CDMA PDSN RAA events

PDSN# debug cdma pdsn accounting raa errors ?

<cr>

PDSN# debug cdma pdsn accounting raa errors

CDMA PDSN Remote Address based accounting errors debugging is on

PDSN#

PDSN#

*Jul 10 07:18:24.131: Parse Subtype 1, Table Index 1

*Jul 10 07:18:24.131: Parse Subtype 1, Table Index 2

*Jul 10 07:18:24.131: Parse Subtype 2, Qualifier 2

PDSN#

The following example shows how to enable the debug cdma pdsn accounting raa errors command:

debug cdma pdsn cac

To display debug messages for cac (call admission control), use the debug cdma pdsn cac command in privileged EXEC mode. To disable debug messages, use the no form of this command. These debugs display the cac related information updates between processors.

debug cdma pdsn cac

no debug cdma pdsn cac

Syntax Description

This command has no arguments or keywords.

Defaults

All types of debug information are enabled if you enter the command without optional keywords.

Command Modes

Privileged EXEC.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn cac command:

debug cdma pdsn resource-manager

To display debug messages that help you monitor the resource-manager information, use the debug cdma pdsn resource-manager command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn resource-manager [error | events]

no debug cdma pdsn resource-manager [error | events]

Syntax Description

errors

Displays pdsn resource manager errors.

events

Displays pdsn resource manager events.

Defaults

No default behavior or values.

Command History

Release

Modification

12.2(8)BY

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn resource-manager command:

Router# debug cdma pdsn resource-manager?

errors CDMA PDSN resource manager errors

events CDMA PDSN resource manager events

debug cdma pdsn rsvp

To display details of the RSVP packets received, use the debug cdma pdsn rsvp command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn rsvp {events | errors}

no debug cdma pdsn rsvp {events | errors}

Syntax Description

errors

Displays pdsn rsvp errors.

events

Displays pdsn rsvp events.

Defaults

No default behavior or values.

Command History

Release

Modification

12.4xx

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn rsvp command:

debug cdma pdsn service-selection

To display debug messages for service selection, use the debug cdma pdsn service-selection command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn service-selection

no debug cdma pdsn service-selection

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn service-selection command:

Router# debug cdma pdsn service-selection

CDMA PDSN service provisioning debugging is on

Router#

1d02h:%LINK-3-UPDOWN:Interface Virtual-Access3, changed state to up

1d02h:Vi3 CDMA-SP:user_class=1, ms_ipaddr_req=1, apply_acl=0

1d02h:Vi3 CDMA-SP:Adding simple ip flow, user=bsip, mn=6.0.0.2,

1d02h:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access3,

changed state to up

debug cdma pdsn session

To display debug messages for Session Manager errors, events, and packets, use the debug cdma pdsn session-manager command in privileged EXEC mode. To disable debug messages, use the no form of this command.

debug cdma pdsn session [errors | events]

no debug cdma pdsn session [errors | events]

Syntax Description

errors

(Optional) Displays session protocol errors.

events

(Optional) Displays session events.

Defaults

If the command is entered without any optional keywords, all of the types of debug information are enabled.

Command History

Release

Modification

12.1(3)XS

This command was introduced.

12.2(8)BY

Keywords were made optional.

12.4xx

Enhanced to display the Auxiliary A10 and IP flow parsing and installation details.

Examples

The following example shows how to enable the debug cdma pdsn session command:

Router# debug cdma pdsn session events

CDMA PDSN session events debugging is on

Router# debug cdma pdsn session errors

CDMA PDSN session errors debugging is on

Router# show debug

CDMA:

CDMA PDSN session events debugging is on

CDMA PDSN session errors debugging is on

Router#

*Jan 1 00:22:27:CDMA-SM:create_session 5.5.5.5-4.4.4.5-2

*Jan 1 00:22:27:CDMA-SM:create_tunnel 5.5.5.5-4.4.4.5

*Jan 1 00:22:27:%LINK-3-UPDOWN:Interface Virtual-Access1, changed state to up

*Jan 1 00:22:30:%LINEPROTO-5-UPDOWN:Line protocol on Interface Virtual-Access1, changed
state to up

debug cdma pdsn sm

To display debug messages forsm (cdma singleip session manager) errors, events, and packets, use the debug cdma pdsn sm command in privileged EXEC mode. To disable debug messages, use the no form of this command. These debugs display the sm interaction related information.

debug cdma pdsn sm [errors | events | packets]

no debug cdma pdsn sm [errors | events | packets]

Syntax Description

errors

(Optional) Displays session manager errors.

events

(Optional) Displays session manager events.

packets

(Optional) Displays transmitted or received packets related to session manager.

Defaults

All types of debug information are enabled if you enter the command without optional keywords.

Command Modes

Privileged EXEC.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable the debug cdma pdsn sm command:

To configure authorized flow profile IDs for each direction, use the flow-profile direction command in the service flows qos subscriber profile sub-mode. Use the no form of the command to disable this feature.

Defaults

Command Modes

Command History

Usage Guidelines

Examples

The following example shows how to enable the flow-profile direction command:

Router#(config-qos-profile)#flow-profile ?

direction Configure direction for flow of packet

Router#(config-qos-profile)#flow-profile direction ?

<1-3> 1-Reverse 2-Forward 3-Bi-direction

Router#(config-qos-profile)#flow-profile direction 1 ?

flow-id defines qos treatment to apply to a packet flow

Router#(config-qos-profile)#flow-profile direction 1 flow-id ?

<1-255> Value

Router#(config-qos-profile)#flow-profile direction 1 flow-id 100 ?

interface cdma-Ix

To define the virtual interface for the R-P tunnels, use the interface cdma-Ix command in global configuration mode. To disable the interface, use the no form of this command.

interface cdma-Ix1

no interface cdma-Ix1

Syntax Description

Ix1

Interface number 1. Only one interface definition per PDSN is allowed.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

The only interface level command allowed on the virtual interface is the IP address configuration.

Examples

The following example shows how to define the virtual interface for the R-P tunnel and configures the IP address:

interface cdma-Ix1

ip address 1.1.1.1 255.255.0.0

Related Commands

Command

Description

show interfaces

Displays statistics about the network interfaces.

inter-user-priority (service flows qos subscriber profile sub-mode)

To configure Inter-user priority parameter, use the inter-user-priority command in the service flows qos subscriber profile sub-mode. Use the no form of the command to disable this feature.

inter-user-priority value

no inter-user-priority value

Syntax Description

value

The inter-user-priority value. The valid range is 1- 4294967295.

Defaults

There are no default values.

Command Modes

Service flows qos subscriber profile sub-mode.

Command History

Release

Modification

12.4xx

This command was introduced.

Usage Guidelines

Examples

The following example shows how to enable the inter-user-priority command:

Router#(config-qos-profile)#inter-user-priority ?

<1-4294967295> Value

Router#(config-qos-profile)#inter-user-priority 200 ?

<cr>

ip mobile authentication ignore-spi

To enable MNs and Foreign Agents to use the SPI while calculating the authenticator value for Mobile-Home Auth or Foreign-Home authorization, use the ip mobile authentication ignore-spi global configuration command.

ip mobile authentication ignore-spi

Syntax Description

This command has no arguments or keywords.

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.2(8)BY

This command was introduced.

Examples

The following example shows how to enable the ip mobile authentication ignore-spi command:

Router# ip mobile authentication ignore-spi

ip mobile bindupdate

During an inter-PDSN handoff, to enable an HA to send a binding update message to an old FA to release the unused PPP session the FA is holding, use the ip mobile bindupdate global configuration command. To disable this configuration, use the no form of the command.

Syntax Description

(Optional) Old FA sends an acknowledge message to the HA in response to the binding update message.

maximum secs

(Optional) If acknowledge message is not received then maximum time HA has to wait before retransmitting the message (allowed 1-10 secs)

minimum secs

(Optional) If acknowledge message is not received then minimum time HA has to wait before retransmitting the message (allowed 1-10 secs)

retry value

(Optional) If acknowledge message is not received then number of times HA has to send the binding update message (allowed 1-4 times)

Defaults

No default values.

Command Modes

Global configuration.

Command History

Release

Modification

12.2(8)BY

This command was introduced.

Examples

The following example shows how to enable the ip mobile bindupdate command:

Router# ip mobile bindupdate

ip mobile cdma imsi dynamic

To enable the PDSN to delete the first call session for dynamic home address cases (1x-RTT to EVDO handoff where IMSI changes during the handoff), and allow the new session to come up, use the ip mobile cdma imsi dynamic command in global configuration mode. Use the no form of the command to disable this feature.

ip mobile cdma imsi dynamic

no ip mobile cdma imsi dynamic

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.3(11)YF3

This command was introduced.

Examples

The following example shows how to issue the ip mobile cdma imsi dynamic command:

Router(config)# ip mobile cdma imsi dynamic

ip mobile cdma ipsec

To enable IS835 IPSec security, use the ip mobile cdma ipsec command in global configuration mode. Use the no form of the command to disable this feature.

ip mobile cdma ipsec

no ip mobile cdma ipsec

Syntax Description

There are no arguments or keywords for this command.

Defaults

There are no default values for this command.

Command Modes

Global configuration

Command History

Release

Modification

12.3(8)XW

This command was introduced.

Usage Guidelines

This command is only present in crypto images for the 7200, and non-crypto images for the MWAM.

Examples

The following example shows how to enable IS835 IPsec on the PDSN:

Router# ip mobile cdma ipsec

ip mobile foreign-agent

To enable foreign agent service, use the ip mobile foreign-agent global configuration command. To disable this service, use the no form of this command.

Syntax Description

(Optional) IP address of the interface. Sets the care-of address on the foreign agent. Multiple care-of addresses can be configured.

reg-wait seconds

(Optional) Pending registration expires after the specified number of seconds if no reply is received. Range is from 5 to 600. Default is 15.

local-timezone

(Optional) Adjusts the UTC time based on the local time zone configured and uses the adjusted time for proxy mobile IP registration.

Defaults

Disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(2)XC

The local-timezone keyword was added.

Usage Guidelines

This command enables foreign agent service when at least one care-of address is configured. When no care-of address exists, foreign agent service is disabled.

The foreign agent is responsible for relaying the registration request to the home agent, setting up tunnel to the home agent, and forwarding packets to the mobile node. The show commands used to display relevant information are shown in parentheses in the following paragraph.

When a registration request comes in, the foreign agent ignores the request when foreign agent service is not enabled on interface or when no care-of address is advertised. If a security association exists for a visiting mobile node, the visitor is authenticated (show ip mobile secure visitor command). The registration bitflag is handled as described in Table 2 (show ip mobileinterface command). The foreign agent checks the validity of the request. If successful, the foreign agent relays the request to the home agent, appending an FH authentication extension if a security association for the home agent exists. The pending registration timer of 15 seconds is started (show ip mobile visitor pending command). At most, five outstanding pending requests per mobile node are allowed. If a validity check fails, the foreign agent sends a reply with error code to the mobile node (reply codes are listed in Table 3). A security violation is logged when visiting mobile node authentication fails (show ip mobile violation command). (Violation reasons are listed in Table 9.)

When a registration reply comes in, the home agent is authenticated (show ip mobile secure home-agent command) if a security association exists for the home agent (IP source address or home agent address in reply). The reply is relayed to the mobile node.

When registration is accepted, the foreign agent creates or updates the visitor table, which contains the expiration timer. If no binding existed before this registration, a virtual tunnel is created, a host route to the mobile node via the interface (of the incoming request) is added to the routing table (show ip route mobile command), and an ARP entry is added to avoid sending ARP requests for the visiting mobile node. Visitor binding is removed (along with its associated host route, tunnel, and ARP entry) when the registration lifetime expires or registration is rejected.

When registration is denied, the foreign agent removes the request from the pending registration table. The table and timers of the visitor are unaffected.

When a packet destined for the mobile node arrives on the foreign agent, the foreign agent de-encapsulates the packet and forwards it out its interface to the visiting mobile node, without sending ARP requests.

The care-of address must be advertised by the foreign agent. This is used by the mobile node to register with the home agent. The foreign agent and home agent use this address as the source and destination point of tunnel, respectively. The foreign agent is not enabled until at least one care-of address is available. The foreign agent advertises on interfaces configured with the ip mobile foreign-service command.

Only care-of addresses with interfaces that are up are considered available.

Table 2 Foreign Agent Registration Bitflags

Bit Set

Registration Request

S

No operation. Not applicable to foreign agent.

B

No operation. Not applicable to foreign agent.

D

Make sure source IP address belongs to the network of the interface.

M

Deny request. Minimum IP encapsulation is not supported.

G

No operation. GRE encapsulation is supported.

V

Deny request. Van Jacobson Header compression is not supported.

T

Deny request. Reverse tunnel is not supported.

reserved

Deny request. Reserved bit must not be set.

Table 3 Foreign Agent Reply Codes

Code

Reason

64

Reason unspecified.

65

Administratively prohibited.

66

Insufficient resource.

67

Mobile node failed authentication.

68

Home agent failed authentication.

69

Requested lifetime is too long.

70

Poorly formed request.

71

Poorly formed reply.

72

Requested encapsulation is unavailable.

73

Requested Van Jacobson Header compression is unavailable.

74

Reverse tunnel unsupported.

80-95

ICMP Unreachable message code 0 to 15.

Examples

The following example shows how to enable foreign agent service on interface Ethernet1, advertising 1.0.0.1 as the care-of address:

ip mobile foreign-agent care-of Ethernet0

interface Ethernet0

ip address 1.0.0.1 255.0.0.0

interface Ethernet1

ip mobile foreign-service

Related Commands

Command

Description

ip mobile foreign-service

Enables foreign agent service on an interface if care-of addresses are configured.

ip mobile home-agent

Enables home agent service on the router

show ip mobile globals

Displays global information for mobile agents.

show ip mobile interface

Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.

To configure PDSN to send the Generic Routing Encapsulation (GRE) Critical Vendor Specific Externsion (CVSE) for every HA, use the ip mobile foreign-agent extension gre home-agent address range or a single addresscommand inglobal configuration mode. To disable the support, use the no form of this command.

ip mobile foreign-service

To enable foreign agent service on an interface if care-of addresses are configured, use the ip mobile foreign-service interface configuration command. To disable this service, use the no form of this command.

Syntax Description

(Optional) Controls which home agent addresses mobile nodes can be used to register. The access list can be a string or number from 1 to 99.

limit number

(Optional) Number of visitors allowed on interface. The Busy (B) bit is advertised when the number of registered visitors reach this limit. Range is from 1 to 1000. Default is no limit.

registration-required

(Optional) Solicits registration from the mobile node even if it uses collocated care-of addresses. The Registration-required (R) bit is advertised.

challenge

(Optional) Configures configure the FA challenge parameters.

timeout value

Challenge timeout in seconds. Possible values are 1 through 10.

window num

Maximum number of valid challenge values to maintain. Possible values are 1 through 10. The default is 2.

forward-mfce

Enables the FA to forward MFCE and mobile station-AAA to the HA.

reverse-tunnel [mandatory]

(Optional) Enables reverse tunneling on the FA.

Defaults

Disabled. Default is no limit to the number of visitors allowed on an interface. The default number of challenge values is 2.

Command Modes

Global configuration

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.1(3)XS

The challenge keyword and associated parameters were added.

12.2(2)XC

The reverse-tunnel keyword was added.

Usage Guidelines

This command enables foreign agent service on the interface. The foreign agent (F) bit is set in the agent advertisement, which is appended to the IRDP router advertisement whenever the foreign agent or home agent service is enabled on the interface.

Note The Registration-required bit only tells the visiting mobile node to register even if the visiting mobile node is using a collocated care-of address. You must set up packet filters to enforce this. For example, you could deny packets destined for port 434 from the interface of this foreign agent.

Examples

ip mobile prefix-length

To append the prefix-length extension to the advertisement, use the ipmobileprefix-length command in interface configuration mode. To restore the default, use the no form of this command.

ip mobile prefix-length

no ip mobile prefix-length

Syntax Description

This command has no arguments or keywords.

Defaults

The prefix-length extension is not appended.

Command Modes

Interface configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

The prefix-length extension is used for movement detection. When a mobile node registered with one foreign agent receives an agent advertisement from another foreign agent, the mobile node uses the prefix-length extension to determine whether the advertisements arrived on the same network. The mobile node needs to register with the second foreign agent if it is on a different network. If the second foreign agent is on the same network, reregistration is not necessary.

Examples

The following example shows how to append the prefix-length extension to agent advertisements sent by a foreign agent:

ip mobile prefix-length

Related Commands

Command

Description

show ip mobile interface

Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.

ip mobile proxy-host

To locally configure the proxy Mobile IP attributes of the PDSN, use the ip mobile proxy-host global configuration command. To remove the configuration, use the no form of this command.

(Optional) Global registration lifetime for a mobile node. Note that this can be overridden by the individual mobile node configuration. Possible values are 3 through 65535 (infinity). Default is 36000 seconds (10 hours). Registrations requesting a lifetime greater than this value are still accepted, but are use this lifetime value.

local-timezone

(Optional) Adjusts the UTC time based on the local time zone configured and uses the adjusted time for proxy mobile IP registration.

Defaults

No security association is specified.

Command Modes

Global configuration

Command History

Release

Modification

12.2(2)XC

This command was introduced.

Usage Guidelines

All proxy Mobile IP attributes can be retrieved from the AAA server. You can use this command to configure the attributes locally.

If only a realm is specified, the home address cannot be specified.

Examples

The following example shows how to enable the ip mobile proxy-host command:

ip mobile proxy-registration lifetime

To locally configure the proxy Mobile IP attributes of the PDSN, use the ip mobile proxy-registration lifetime command in global configuration mode. To remove the configuration, use the no form of this command.

ip mobile proxy-registration lifetime

no ip mobile proxy-registration lifetime

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XR6

This command was introduced.

Usage Guidelines

This command allows an administrator to specify lifetime in registration request, which is sent as part of the Proxy MIP RRQ from FA to HA.

Examples

The following example shows how to enable the proxy-registration lifetime:

ip mobile proxy-registration lifetime ?

<3-65535> Specify lifetime in registration request

ip mobile proxy-registration mn-aaa-auth

To add MN-HAAA authentication to NVSE ip mobile attribute in PMIP RRQ, use the ip mobile proxy-registration mn-aaa-auth command in global configuration mode. To remove the configuration, use the no form of this command.

ip mobile proxy-registration mn-aaa-auth

no ip mobile proxy-registration mn-aaa-auth

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XR6

This command was introduced.

Usage Guidelines

This command allows an administrator to enable the Cisco vendor specific MN-AAA authentication (HA-chap) chap NVSE, which is sent as part of the Proxy MIP RRQ from Foreign Agent (FA) to Home Agent (HA). This command is recommended only if FA operates with CISCO HA.

Examples

The following example shows how to enable the ip mobile proxy-registration mn-aaa-auth command:

ip mobile proxy-registration mn-aaa-auth

ip mobile proxy-registration sequencing

To configure the Proxy Mobile IP sequencing, use the ip mobile proxy-registration sequencing command in global configuration mode. To remove the configuration, use the no form of this command.

ip mobile proxy-registration sequencing

no ip mobile proxy-registration sequencing

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.4(15)XR6

This command was introduced.

Usage Guidelines

This command allows an administrator to enable the PMIP sequence number CVSE, which is sent as part of the Proxy MIP RRQ from FA to HA. This command is recommended only if FA operates with CISCO HA.

Examples

The following example shows how to enable the PMIP sequence number CVSE to send as part of the PMIP RRQ from FA:

ip mobile proxy-registration sequencing

ip mobile registration-lifetime

To set the registration lifetime value advertised, use the ip mobile registration-lifetime command in interface configuration mode.

ip mobile registration-lifetime seconds

Syntax Description

seconds

Lifetime in seconds. Range is from 3 to 65535 (infinity).

Defaults

36000 seconds

Command Modes

Interface configuration

Command History

Release

Modification

12.0(1)T

This command was introduced.

Usage Guidelines

This command allows an administrator to control the advertised lifetime on the interface. The foreign agent uses this command to control duration of registration. Visitors requesting longer lifetimes are denied.

Examples

The following example shows how to set the registration lifetime to 10 minutes on interface Ethernet 1 and 1 hour on interface Ethernet 2:

interface e1

ip mobile registration-lifetime 600

interface e2

ip mobile registration-lifetime 3600

Related Commands

Command

Description

show ip mobile interface

Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.

ip mobile secure

To specify the mobility security associations for the mobile host, visitor, home agent, foreign agent, and proxy host, use the ip mobile secure global configuration command. To remove the mobility security associations, use the no form of this command.

Usage Guidelines

The SPI is the 4-byte index that selects the specific security parameters to be used to authenticate the peer. The security parameters consist of the authentication algorithm and mode, replay attack protection method, timeout, and IP address.

On a home agent, the security association of the mobile host is mandatory for mobile host authentication. If desired, configure a foreign agent security association on your home agent. On a foreign agent, the security association of the visiting mobile host and security association of the home agent are optional. Multiple security associations for each entity can be configured.

If registration fails because the timestamp value is out of bounds, the time stamp of the home agent is returned so the mobile node can reregister with the time-stamp value closer to that of the home agent, if desired.

The nai keyword is only valid for a host, visitor, and proxy host. To configure security associations for proxy Mobile IP users, use the following form of the command:

ip mobile secure proxy-hostnai string spi spi key {hex | ascii}string

Note NTP can be used to synchronize time for all parties.

Examples

The following example shows mobile node 20.0.0.1, which has a key that is generated by the MD5 hash of the string:

Syntax Description

Specifies when the tunnel MTU should expire if set by Path MTU Discovery.

age-timer minutes

(Optional) Time interval in minutes after which the tunnel reestimates the path MTU.

infinite

(Optional) Turns off the age timer.

nat

Applies Network Address Translation (NAT) on the tunnel interface.

inside

Sets the dynamic tunnel as the inside interface for NAT.

outside

Sets the dynamic tunnel as the outside interface for NAT.

Defaults

Disabled.

Command Modes

Global configuration

Command History

Release

Modification

12.0(1)T

The proxy-host and nai keywords were added.

Usage Guidelines

These commands are only available in ipsec images (K9).

Path MTU discovery is used by end stations to find a packet size that does not need fragmentation between them. Tunnels have to adjust their MTU to the smallest MTU interior to achieve this. This is described in RFC 2003.

The discovered tunnel MTU should be aged out periodically to possibly recover from case where sub-optimum MTU existed at time of discovery. It is reset to the outgoing interface's MTU.

Examples

The following example shows how to assign and specifically names a crypto map:

Router (config)#ip mobile tunnel crypto ?

map Assign a Crypto Map

Router (config)#ip mobile tunnel crypto map ?

WORD Crypto Map tag

ip mobile tunnel ip-ip conserve-ip-id threshold value

To configure the threshold of the packet size, use the ip mobile tunnel ip-ip conserve-ip-id thresholdvalue command in Global configuration mode. Use the no form of the command to disable this feature.

ip mobile tunnel ip-ip conserve-ip-id thresholdvalue

no ip mobile tunnel ip-ip conserve-ip-id thresholdvalue

The new command enables you to set:

•A unique non-zero value for the IP-ID of the packet if the packet size is above the threshold value.

•Zero value for the IP-ID of the packet if the packet size is less than the threshold value.

link-flow (service flows qos subscriber profile sub-mode)

To configure the maximum service connection parameter, use the link-flow command in the service flows qos subscriber profile sub-mode. Use the no form of the command to disable this feature.

link-flow number

no linkflow number

Syntax Description

number

The maximum service connection parameter value. The valid range is 1-255.

Defaults

There are no default values.

Command Modes

Service flows qos subscriber profile sub-mode.

Command History

Release

Modification

12.4xx

This command was introduced.

Usage Guidelines

Examples

The following example shows how to enable the link-flow command:

Router#(config-qos-profile)#link-flow ?

<1-255> Value

Router#(config-qos-profile)#link-flow 40 ?

ppp accm

To configure the Asynchronous Control Character Map (ACCM) to be negotiated with the mobile station, use the ppp accm command in interface configuration mode. To remove the configuration, use the no form of this command.

ppp accm number

no ppp accm

Syntax Description

number

Hexadecimal number identifying the ACCM. Possible values are 0 through FFFFFFFF. The default value is 000A0000.

Defaults

The default value is 000A0000.

Command Modes

Interface Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

The ACCM is a four octet hexadecimal number that indicates the set of control characters to be mapped during transmission of AHDLC frames. During the LCP, each end of the PPP connection informs its peer the ACCM that should be used when transmitting the Asynchronous HDLC (AHDLC) frames. The TIA/EIA/IS-835-B requires that the PDSN propose an ACCM of 0x00000000. To be compliant with TIA/EIA/IS-835-B, "ppp accm 00000000" must be configured on the virtual template interface on Cisco PDSN.

Examples

The following example shows how to specify that PDSN propose an ACCM of 0x00000000:

ppp accm 00000000

Related Commands

Command

Description

ppp authentication

Specifies CHAP or PAP authentication.

ppp authentication

To enable CHAP, PAP or EAP, and to specify the order in which authentication is selected on the interface, use the ppp authentication command in interface configuration mode. To disable authentication, use the no form of this command.

Syntax Description

(Optional) Used with TACACS and extended TACACS. Does not perform CHAP or PAP authentication if the user has already provided authentication. This option is available only on asynchronous interfaces.

list-name

(Optional) Used with AAA. Specifies the name of a list of methods of authentication to use. If no list name is specified, the system uses the default. The list is created with the aaa authentication ppp command.

default

(Optional) Name of the method list is created with the aaa authentication ppp command.

(Optional) Used with PDSN configuration to allow a mobile station to receive Simple IP service and Mobile IP service without CHAP or PAP.

Defaults

PPP authentication is not enabled.

Command Modes

Interface Configuration

Command History

Release

Modification

10.0

This command was introduced.

12.1(3)XS

The optional keyword was added.

Usage Guidelines

To configure Cisco PDSN in compliance with the TIA/EIA/IS-835-B standard, you must configure the PDSN virtual template as follows:

ppp authentication chap pap optional

Examples

The following example shows how to configure virtual-template interface 4:

interface virtual-template 4

ip unnumbered loopback0

ppp authentication chap pap optional

Related Commands

Command

Description

ppp accm

Identifies the ACCM table.

service cdma pdsn

To enable PDSN service, use the service cdma pdsn command in global configuration mode. To disable PDSN service, use the no form of this command.

service cdma pdsn

no service cdma pdsn

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Global Configuration

Command History

Release

Modification

12.1(3)XS

This command was introduced.

Usage Guidelines

This command must be configured to enable CDMA PDSN on the router.

Examples

The following example shows how to enable PDSN service:

service cdma pdsn

Related Commands

Command

Description

show cdma pdsn pcf brief

Displays a table of all PCFs that have R-P tunnels to the PDSN.

show cdma pdsn session

Displays PDSN session information.

set dos

To make a packet eligible for dos, use the set dos command under policy-map sub-command mode. To disable this feature, use the no form of this command.

set dos

no set dos

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Policy-map sub-command mode.

Command History

Release

Modification

12.4(22)XR

This command was introduced.

Examples

The following example shows how to enable dos marking under the policy map named policy-pdsn that uses a previously configured class-map named class-pdsn:

PDSN_ACTIVE(config)# policy-map policy-pdsn

PDSN_ACTIVE(config-pmap)# class class-pdsn

PDSN_ACTIVE(config-pmap-c)# set dos

PDSN_ACTIVE(config-pmap-c)# exit

PDSN_ACTIVE(config-pmap)# exit

PDSN_ACTIVE(config)# exit

PDSN_ACTIVE#

show cdma pdsn

To display the status and current configuration of the PDSN gateway, use the show cdma pdsn command in privileged EXEC mode.

Note This command, if executed on PCOP, aggregates data or statistics from each TCOP and displays the data in PCOP.

show cdma pdsn

Syntax Description

This command has no keywords or arguments.

Defaults

No default keywords or arguments.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.3(8)XW

QoS and Prepaid output was included in the example.

12.3(8)XW1

Closed-RP output was included in the example.

12.4(15)XR

The output was enhanced to display the following:

•The number of sessions that have QoS enabled

•If policing is installed and enabled.

•If the multiple service flow feature is enabled, or not.

•The maximum number of auxiliary A10s allowed.

•The Number of sessions active with service flows.

•The total number of service flows currently active in the system.

12.4(22)XR

PDSN 5.0 uses Single IP architecture and so the following values are not displayed in the output:

•The number of connected PCFs

•The number of PCFs 3GPP2-RP

The output is enhanced to display the status of dos, status of flow-based policy, and number of RAA-enabled sessions.

Enable RAA for the output to display the RAA statistics.

Examples

The following example shows how to enable the show cdma pdsn command:

PDSN# show cdma pdsn

PDSN software version 5.0, service is enabled

A11 registration-update timeout 1 sec, retransmissions 5

A11 session-update timeout 2 sec, retransmissions 3

Mobile IP registration timeout 100 sec

A10 maximum lifetime allowed 65535 sec

GRE sequencing is on

Maximum PCFs limit not set

Maximum sessions limit not set (default 175000 maximum)

SNMP failure history table size 100

MSID Authentication is enabled

Network code digits for IMSI 5, MIN 6, IRM 4

Profile Password is cisco

Ingress address filtering is disabled

Sending Agent Adv in case of IPCP Address Negotiation is enabled

Allow CI_ADD option during IPCP Phase is disabled

Aging of idle users disabled

Radius Disconnect Capability enabled

Multiple Service flows enabled

Maximum number of service-flows per MN allowed is 6

Call Admission Control disabled

Police Downstream enabled

Data Over Signaling disabled

Flow based policy disabled

Number of pcfs connected 1,

Number of pcfs 3GPP2-RP 1,

Number of sessions connected 1,

Number of sessions 3GPP2-RP 1,

Number of sessions Active 1, Dormant 0,

Number of sessions using HDLCoGRE 1, using PPPoGRE 0

Number of sessions using Auxconnections 0, using Policing 0, using DSCP 0

Number of service flows 0

Number of RAA flows 0-------------------|-----> new

Number of sessions connected to VRF 0,-------------------|-----> new

Simple IP flows 0, Mobile IP flows 0,

Proxy Mobile IP flows 1, VPDN flows 0

Note The RAA information appears only if you have enabled RAA.

show cdma pdsn accounting

To display the accounting information for all sessions and the corresponding flows, use the show cdma pdsn accounting command in privileged EXEC mode.

show cdma pdsn accounting

Note Accounting information varies for each session. Hence, if you run this command on PCOP, it does not aggregate the data or statistics. Instead, using the RCAL functionality, PCOP displays the information of each processor as output.

Syntax Description

This command has no keywords or arguments.

Defaults

No default keywords or arguments.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.3(14)YX

IPV6 UDR show output was added.

Usage Guidelines

The counter names appear in abbreviated format.

Examples

The following example shows how to enable the show cdma pdsn accounting command:

When you configure the cdma pdsn imsi-min-equivalence command, the following output is displayed for the show cdma pdsn accounting command:

UDR for session

session ID: 1

Mobile Station ID IMSI 112345678987655

A - A1:5678987655 A2: A3:

C - C3:0

D - D3:11.1.1.12 D4:000000000000

E - E1:0000

F - F1:0000 F2:0000 F5:003B F6:00 F7:00 F8:00

F9:00 F10:00 F14:00 F15:0

F16:00 F17:00 F18:00

F19:00 F20:00 F22:00

G - G3:0 G8:0 G9:0 G10:0 G11:0 G12:0

G13:0 G14:176 G15:0 G16:0 G17:0

I - I1:0 I4:0

Y - Y2:1

UDR for flow

Mobile Node IP address 9.1.1.9

B - B1:9.1.1.9 B2:g7SIP1@xxx.com

C - C1:0025 C2:98 C4:0

D - D1:0.0.0.0

F - F11:01 F12:00 F13:00

G - G1:0 G2:0 G4:1243836799

G22:0 G23:0 G24:0 G25:0

Packets- in:0 out:0

show cdma pdsn accounting detail

To display accounting information for all sessions and the corresponding flows, and to display the counter names (along with the abbreviated names), use the show cdma pdsn accounting detail command in privileged EXEC mode.

show cdma pdsn accounting detail

Syntax Description

This command has no keywords or arguments.

Defaults

No default keywords or arguments.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(2)XC

This command was introduced.

12.4xx

This output has been enhanced to display the HRPD and IP Flow details.

Examples

The following example shows how to enable the show cdma pdsn accounting detail command: